IntelePeer takes its responsibility seriously to protect the sensitive information to which we have access in conjunction with the provision of our products and services. IntelePeer commits to using any Personal Information collected only for the purposes of provisioning and enhancing our offerings to our customers, and to not using or sharing your information with anyone except as described in this Policy. For any questions about this Policy, please contact IntelePeer at firstname.lastname@example.org.
In this Policy, IntelePeer outlines our privacy practices, including how and why we collect, use and share any personal or sensitive data through our interaction with our customers and their users using our products, services, applications, customer portal, platforms and application programming interfaces (“Services”), as well as visitors to our website at www.intelepeer.com (“Website”). The Policy also describes your choices regarding use, access, deletion and correction of any Personal Information. As such, this Policy applies to our customers and their users or customers (“Customers”), along with all other individuals who are not our Customers but use the IntelePeer Website or Services for some legitimate purpose (“Users”). Your use our Services or Website constitutes agreement to the treatment of your information as set forth in this Policy.
This Policy also describes IntelePeer’s practices with regard to the collection, use, and retention of any Personal Information (defined below) from the European Union (“EU”) that IntelePeer receives in the United States. For such Personal Information, IntelePeer has elected to self-certify to the EU-U.S. Privacy Shield Framework administered by the U.S. Department of Commerce (“EU-U.S. Privacy Shield”), including the Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability as further detailed in this Policy. For more information about the Privacy Shield or IntelePeer’s certification, see the U.S. Department of Commerce’s Privacy Shield website located at www.privacyshield.gov.
4.1 Collection of Information
IntelePeer may obtain certain information, which may be considered personal, personally-identifiable or sensitive, from you or automatically from your device(s), when using our Website or Services (“Personal Information”).
- This Personal Information may include but is not limited to names, job titles, postal addresses, telephone numbers, email addresses, employee names; Customers’ log-in credentials, authentication data, identification numbers, location data, metadata, cookie identifiers, log data, types of Service used, credit application information, credit card information, payment information, instant messenger user name, and any communications, inquiries, contact or other information Customer or User generates or provides access to as a result of using the Website or Services.
- To continue to provide you quality Services, trouble-shoot any issues, and introduce new solutions, IntelePeer may need to track (i) information or activity about the configurations of the Customer’s systems, networks or devices for monitoring our networks and systems; (ii) the navigational usage of our Website; (iii) our performance metrics; and (iv) the communications traffic and associated records for your communications, including without limitation the time, date, duration, and type of communication, the location of the device generating the communication, the source and destination of the communication and the content of the communication, such as texts, message bodies, voice and video media, images, and sound, containing or creating such data.
- IntelePeer may also collect Personal Information when you are completing online forms, contacting our Sales team, signing up for a newsletter or white papers, registering for an event, making requests to our APIs, or taking a survey.
When we obtain your Personal Information, we will only use this Personal Information for the specific reason(s) for which it is collected and no other reason.
Please note that the Personal Information collected by IntelePeer for the provision of our Services may include Personal Information about your customers, end users, employees, business associates, agents, any person you communicate with in the course of your business or any other User, to the extent those persons utilize our Services or systems, or their Personal Information is contained in the content of your communications to us as our Customer. Some applicable data privacy laws, like the EU, differentiate between “controllers” and “processors” of Personal Information. When IntelePeer processes Personal Information from our Customers about their customers or end users, IntelePeer generally acts as a processor, though we may act as a controller in some respects. For example, IntelePeer may need to use certain Personal Information for the legitimate interests of billing, reconciling invoices with underlying third-party providers, in the context of troubleshooting and detecting problems with the network or in connection with investigating or preventing network exploits, fraudulent activity or other security incidents. When acting as processor for our Customers, IntelePeer will adhere to the terms of this Policy, unless otherwise instructed by the Customer pursuant to our service contracts.
Special Categories of Personal Information
IntelePeer does not intentionally collect or process any special categories of data in the provision of its Services or Website. However, special categories of data may from time to time be inadvertently processed by IntelePeer where the Customer or User choose to include this type of data within the communications transmitted using the Services or Website. As such, the Customer or User respectively has sole responsibility for ensuring the legality of any special categories of data it or its Users choose to process using the Services or Website including without limitation any Personal Information which is likely to result in high risk to the data protection rights and freedoms of the Data Subject as defined by the EU Regulation 2016/679 (“GDPR”), and to promptly inform and provide IntelePeer with reasonable and timely assistance as IntelePeer may require in order to conduct any requisite data protection impact assessment and consultation with any relevant data protection authority.
Our Services are for business enterprise customers and should not address or involve anyone under the age of 13 using our Website or Services, and we do not knowingly permit such usage. In the case we become aware that a child under 13 has provided us with Personal Information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with Personal Information, please contact us so that we will be able to undertake necessary actions to address the situation.
4.2 Use of Information
Subject to the terms of this Policy, IntelePeer may use the Personal Information collected from our Customers or Users for a range of purposes, including to:
- Deliver, maintain, and monitor our quality Services and associated support to our Customers;
- Administer, operate, secure, manage and promote the Website and Services (including our Customer portal and our network and systems);
- Evaluate, support and enhance the performance and efficiency of our Services and Website;
- Conduct business transactions, including creating and sending contracts, confirmations and invoices, assessing and remitting taxes, and auditing our practices;
- Detect, prevent, investigate and resolve security incidents, fraud or other misuse of our Services;
- Protect the rights, property and safety of Customer, User, their users, customers or other related third parties, as well as of IntelePeer;
- Notify our Customers or Users with technical alerts, service updates, security notifications, and other administrative communications;
- Analyze and aggregate data for purposes of marketing our Services, identifying market trends and developing innovative solutions offered to our Customers;
- Respond to inquiries and requests for additional resources about IntelePeer and our Services;
- Comply with applicable laws relating to the Services and Website; and
- Perform any incidental statistical analysis of the Services for the benefit of all customers provided that there is no adverse impact on the level of protection of any Personal Information even after the termination or expiration of any services agreement you have with IntelePeer.
For any other purposes not listed, IntelePeer will obtain supplemental consent from you in writing. For any marketing materials sent, IntelePeer will only contact you pursuant to your marketing preference, and provide you an opportunity to unsubscribe from any further communications.
IntelePeer will collect and process Personal Information from our Customers and Users when: (i) we need the Personal Information to perform our obligations under a contract for the provision of cloud communications services with connections primarily offered in the form of APIs, secured SIP trunking or dedicated circuits to or from other communications networks or storage facilities; (ii) we have obtained your consent to do so; (iii) required by law; (iv) our legitimate interests (as listed above or otherwise provided in writing) in doing so does not overridden by the data protection interests or fundamental rights and freedoms you have in the Personal Information. If Personal Information is required to comply with a legal requirement or enter into a contract, IntelePeer will advise you whether the provision of your Personal Information is mandatory and what the possible consequences are if the Personal Information is not made available.
Access by Third Parties
IntelePeer does not sell the Personal Information of our Users, Customers or our Customers’ customers or end users to any third party, or otherwise share Personal Information for those third parties’ own business interests unrelated to the provision of our Services or support.
IntelePeer may employ third-party entities and individuals, including business partners, contractors, vendors, and authorized third party agents, to:
- Facilitate the provision of our Services, such as obtaining telephone numbers or messaging short codes, or connecting and routing calls or messages to other over-the-top providers or the public switched telephone network (“PSTN”);
- Perform services related to providing our Services, such as support or technical services, and payment or credit card processing;
- Assist us in analyzing how our Services are used;
- Send marketing and other communications related to business;
- Enforce our contractual requirements or policies, including our Information Security Policies; or
- Conduct diligence in connection with prospective or actual, sale, merger, acquisition, financing or reorganization of our business.
These third-party entities may have access to your Personal Information for the purposes of performing the tasks assigned to them on our behalf. Each of these third-parties are obligated contractually not to disclose or use the information for any other purpose. However, this Policy does not apply to, nor is IntelePeer responsible for in any way, the privacy, information or other practices of any third-parties.
Any of the aforementioned third parties who processes Personal Information of EU residents that constitutes Personal Data as defined in the GDPR, along with any amendments or successor legislation, is a “Sub-Processor”. By using our Website and Services, you specifically consent to our engagement of the Sub-Processors set forth at www.intelepeer.com/privacy/subprocessor-list (“Sub-Processor List”) to process the Personal Data you provided, as long as we: (i) ensure that Sub-Processors are capable of providing the level of protections set forth herein; (ii) impose data protection terms on any Sub-Processor it appoints that protect the Personal Data to a standard no less stringent than provided for by this Policy to the extent applicable to the nature of the services provided by such Sub-Processor; (iii) maintain its Sub-Processors List; and (iv) remain fully liable for any breach of this Policy caused by an act, error or omission of its Sub-Processor. You may object to our appointment or replacement of a third party Sub-Processor, provided such objection is submitted within thirty (30) days of such Sub-Processor being added to the Sub-Processor List on reasonable grounds relating to the protection of the Personal Data. In such event, we will either not appoint or replace the Sub-Processor or, if this is not possible, you may suspend or terminate the impacted Services or use of our Website without liability. If you have not objected to a Sub-Processor on the Sub-Processor List within this timeframe, you will be deemed to have consented to the Sub-Processor and to have waived any right to dispute the use of such Sub-Processor. Under no circumstances will you directly communicate with our Sub-Processors about the Services or Website, unless agreed to by IntelePeer in writing.
You also acknowledge that, in order to send your communications using the Services, IntelePeer may need to transmit your communications through existing telecommunications networks, operated by companies bound to comply with applicable telecommunications and privacy laws, but who may not have any direct contracts with either Party. You hereby instruct IntelePeer to transmit the communications through existing telecommunications networks as necessary to provide the Services and acknowledge and agree that such telecommunications networks are not considered Sub-Processors under this Policy.
Finally, IntelePeer may disclose Personal Information to third-parties who are governmental entities or authorized representatives, if IntelePeer reasonably believes that disclosure is compelled (i) by applicable law, regulation, legal process or a government request; (ii) by the need to protect ourselves, our Customer or the public from harm or illegal activities or to defend the rights, interests or property of ours, our Customers, or the public; (iii) by the desire to prevent or investigate wrongdoing in connection with the Website or our Services; or (iv) in response to an emergency which IntelePeer reasonably believes in good faith requires disclosure of the Personal Information to assist in preventing a death or serious bodily injury. The governmental entities may include law enforcement agencies, regulatory or legislative bodies, or other third parties who in order to respond to legal process in a litigation matter. If IntelePeer is required by law to disclose any Personal Information of our Customer or their end user or customer, IntelePeer will notify Customer of the disclosure requirement, unless prohibited by law.
Transfer of Information Internationally
Your Personal Information may be transferred to, and processed in, countries other than the country in which you are resident. Specifically, information collected outside the United States may be transferred to and stored on our servers in the United States, and potentially in other countries where our group companies and third-party service providers and partners operate. These countries may have data protection laws that are different from, and in some instances less protective than the laws in your country. However, IntelePeer has attempted to ensure that your Personal Information will remain protected in accordance with this Policy and applicable laws, by certifying to the Department of Commerce that IntelePeer adheres to the EU-U.S. Privacy Shield Principles. If any conflict arises between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles will govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
4.3 Security and Retention of Information
IntelePeer strives to use commercially acceptable measures for securing your Personal Information, through employing current industry standards and state-of-the-art technologies, based on the sensitivity of the Personal Information being protected and the likelihood of any risk associated with such Personal Information. Such measures may include, as appropriate: (a) the pseudonymization or encryption of Personal Information; (b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (c) the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical or technical incident; or (d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing. However, we cannot guarantee that unauthorized access, hacking, data loss or data breach will never occur, so Customers and Users must inform IntelePeer without undue delay upon becoming aware of a security issue, and provide timely details and cooperation as IntelePeer may require in order for IntelePeer to address the issue and comply with all applicable data protection laws. Such details should include the possible cause and consequences, the categories of Personal Information involved, a summary of unauthorized recipients of the Personal Information and the anticipated mitigation measures.
To protect Personal Information, IntelePeer utilizes technical and organizational safeguards, internally and with third-party vendors, both during transmission and in storage from accidental or unlawful destruction, as well as loss, alteration, unauthorized disclosure of, or access to the Personal Information. Such safeguards will take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, the risk of varying likelihood and severity for the rights and freedoms of natural persons, and any technical progress or further developments of such. A detailed description of the technical and organizational security measures implemented by IntelePeer can be found at www.intelepeer.com/privacy/TOMs (“Security Measures”), which IntelePeer reserves the right to modify the description and measures as needed, provided that such changes will not degrade the functionality and security of the Services. By using our Services or Website, Customers and Users hereby agree to be solely responsible for determining whether the Security Measures are suitable for its use, and implementing any additional safeguards necessary for its own adherence to applicable data protection laws. IntelePeer also will attempt to take such commercially reasonable actions as are necessary to remedy or mitigate the effects of any security incident, to keep impacted Customers and Users apprised of all developments in connection with the incident, and to treat information shared by Customers or Users in relation to the incident as confidential.
IntelePeer also retains Personal Information for no longer than is necessary to fulfill the purposes for which the information was originally collected, unless a longer retention period is required pursuant to IntelePeer’s Record Retention Policy, or permitted for legal, tax or regulatory reasons, or other legitimate and lawful business purposes. The majority of the Personal Information associated with a Customer account will be stored for 7 years following the closure of the account, unless longer periods are required for accounting, tax, audit or other legal purposes. Any communications or interactions with our Support teams will be retained for 3 years. Where we have no ongoing legitimate business reasons or legal obligations to have your Personal Information, we will either delete or anonymize it for analytic purposes. If you ask IntelePeer to delete specific Personal Information, we will honor your request unless deleting that information prevents IntelePeer from complying with applicable law or its Record Retention Policy for carrying out necessary business functions, like billing for our services, calculating taxes, or conducting required audits.
4.4 Choices about Customer Information
Customers can make various self-service choices about your Personal Information through the Customer portal. To the extent self-service features are not available to sufficiently enable Data Controller to comply with a request, please submit any other correspondence, inquiry or request from you, your customers, a governmental entity or any third party to email@example.com. As our Customer, you also are responsible for adopting appropriate measures that allow IntelePeer to respond in a timely manner to the owner of Personal Data in their efforts to exercise any of their rights under GDPR, including rights of access, correction, objection, erasure and data portability, as applicable. Such requests will be handled in accordance with applicable laws.
Please note that requesting closure or deletion of your Customer account will result in you permanently losing access to your account and data in the account, and will be accommodated to the extent allowed by our retention obligations set forth in the Security and Retention of Information section. For any Personal Information collected or processed based on your consent, you can withdraw such consent at any time, though withdrawing your consent will not affect the lawfulness of any processing IntelePeer conducted prior to your withdrawal, or in reliance on lawful processing grounds other than consent.
Customers may also at any time ask us to remove you from our marketing lists for promotional communications by sending us an email at firstname.lastname@example.org, and we will remove you from our lists in accordance with applicable laws. Please note that even if you opt out of promotional communications, IntelePeer may still send you non-promotional messages relating to updates to our terms of service or privacy notices, security alerts, and other notices relating to your access to or use of our Services.
Please note that making any changes pursuant to this section may take up to 45 days from the date of request. For any questions about this Policy, please contact IntelePeer at email@example.com.
4.5 Choices about User Information
Users may also at any time ask us to remove you from our marketing lists for promotional communications by sending us an email at firstname.lastname@example.org, and we will remove you from our lists in accordance with applicable laws. Please note that even if you opt out of promotional communications, IntelePeer may still send you non-promotional messages relating to updates to our terms of service or privacy notices, security alerts, and other notices relating to your access to or use of our Services.
Please note that making any changes pursuant to this section may take up to thirty (30) days from the date of request. For any questions about this Policy, please contact IntelePeer at email@example.com.
5.0 Compliance and Enforcement
IntelePeer hopes we can resolve any disputes relating to our data protection practices between us. For any questions, concerns or complaints related to this Policy, please contact IntelePeer at firstname.lastname@example.org. If we are unable to resolve a dispute with a Customer in this manner, please refer to the dispute resolution terms of the underlying service contract.
Individuals from the European Union may also exercise additional rights to make a complaint to a competent data protection authority or commence proceedings in a court of competent jurisdiction in accordance with applicable data protection laws, or to engage an independent dispute resolution provider, at no cost to you, as part of our Privacy Shield. In compliance with the Privacy Shield Principles, IntelePeer commits to resolve complaints about our collection or use of your Personal Information for EU residents. If you are an EU resident and IntelePeer has not addressed your Privacy Shield complaint to your satisfaction, please consult ec.europa.eu/justice/data-protection/files/annexes_eu-us_privacy_shield_en.pdf for more information on how to file a complaint and then visit www.agpd.es/ for information on how to contact the Spanish Data Protection Agency; provided that you have (1) contacted IntelePeer and afforded us the opportunity to resolve the issue; (2) contacted the U.S. Department of Commerce at www.privacyshield.gov/assistance and afforded the Department of Commerce time to attempt to resolve the issue. Filing the complaint will be at no cost to you, except that each party will be responsible for its own attorneys’ fees.
Our Information Security Team is primarily responsible for enforcing this Policy, will audit general compliance by IntelePeer no less than once every three years, and will revise the Policy as necessary. The latest summary report generated from an audit or summary report will be made available to any Customer or User upon request free of charge. At its sole expense, Customer or User may also audit IntelePeer’s compliance with this Policy. Under no circumstances will any audit endanger the protection of Personal Information or disrupt our normal business practices.
Exceptions by IntelePeer to the practices set forth in this Policy require approval from the IntelePeer Executive Team. Our employees must notify the Information Security Team at email@example.com, if they or anyone else has access to Personal Information that is not a consequence of their current job function. Violations of this Policy by our employees may result in disciplinary action, which may include suspension, restriction of access, or more severe penalties up to and including terminating employment or reporting to the applicable authorities.
As set forth in the Sections above, the following definitions apply for this Policy:
- Customers: The customers of IntelePeer, along with their users or customers.
- Services: Our products, services, applications, customer portal, platforms and application programming interfaces as our Customer, their customers or users.
- Personal Information: Any information of the IntelePeer Customers or Users, which is protected under this Policy and may include, but is not limited to: names, job titles, postal addresses, telephone numbers, email addresses, employee names; Customers’ log-in credentials, authentication data, identification numbers, location data, types of Service used, credit card information, payment information, instant messenger user name; metadata, cookie identifiers, log data; the navigational usage of our Website; any communications, inquiries, contact or other information Customer or User generates or provides access to as a result of using the Website or Services; information or activity about the configurations of the Customer’s systems, networks or devices for monitoring our networks and systems; our performance metrics; and the communications traffic and associated records for your communications, including without limitation the time, date, duration, and type of communication, the location of the device generating the communication, the source and destination of the communication and the content of the communication, such as texts, message bodies, voice and video media, images, and sound, containing or creating such data.
- Users: All other individuals who are not our Customers but use the IntelePeer Services or Website for some legitimate purpose.
- Website: The IntelePeer website at intelepeer.com.
7.0 Revision History
Revision 1.0, 2009
Revision 2.0, 10/25/2018