Privacy Policy
Effective Date: August 15, 2024
Purpose
Your privacy is important to Nintex, and we are committed to the careful handling of personal information, About customers and other individuals (collectively “you”). Our privacy policy (“Privacy Policy”) is intended to explain how Nintex Global Ltd. and its worldwide affiliates and subsidiaries (collectively, “we” or “Nintex”) collect, use, and disclose the information you provide to us, when using our products and services (collectively, the “Nintex Services”) or which we otherwise collect in providing the Nintex Services to you, including any personal information (“Personal Data”). When we use the term Personal Data in this Privacy Policy, we mean information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, and online identifier or to one or more factors specific to his/her physical, physiological, genetic, mental, economic, cultural, or social identity. By using the Nintex Services, you understand that we may collect Personal Date as described in this Privacy Policy.
Applicability
The use of the Nintex Services is subject to the terms of the applicable legal agreement (found at https://www.nintex.com/legal) and the use of our website is subject to the Site Terms of Use (found at https://www.nintex.com/legal/website-and-community-terms-of-use/) (collectively, the “Agreements”). This Privacy Policy is incorporated into and forms part of the Agreements. This Privacy Policy describes our policies and procedures regarding the collection, use and processing of Personal Data through: all Nintex websites and online resources, including but not limited to Nintex.com, Customer Central, the Nintex Partner Portal, Nintex University, and Nintex Community; the Nintex Services, including Nintex Mobile; and any other products, services, or applications offered by Nintex.
Your use of the Nintex Services constitutes consent to the processing of any Personal Data as described in this Privacy Policy.
Collection of Personal Data
In order to provide and continually improve the Nintex Services, we collect information which may include Personal Data. Our collection practices are intended for interaction in the business environment. In most cases, you will voluntarily provide your Personal Data. For example, we collect personal information through your registration for and use of the Nintex Services; when you use or visit Nintex sites, attend a Nintex event, or participate in the Nintex Community. We may also receive Personal Data from our third-party partners. If you are a Nintex Partner or vendor, we may also collect your personal information. If you have other agreements with Nintex, then those agreements control with respect to their subject matter.
The use of the term Personal Data in this Privacy Policy does not include the information (which can include personal information) that is merely transmitted or processed by Nintex on behalf of our customers through their use of the Nintex Services. This personal data (i.e. any personal data processed on behalf of Nintex customers) is governed by the terms of our customers’ privacy notices.
We also collect information that you voluntarily provide by subscribing to Nintex marketing communications, registering for events, or providing testimonials for our use on our Websites or other promotional materials. Information you directly provide to us include your personal identification data (for example, name, surname) and contact information (phone, email, address, country). Additional transaction and billing information is also required when procuring Services or registering for a Nintex fee-based event.
When using the Nintex Services or interacting with Nintex, please keep in mind that Nintex does not solicit, does not require, and you should not disclose to Nintex, any sensitive Personal Data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership).
The type of information that we collect depends on your interaction with us and the Nintex Services, and may include:
- Contact Data. Name, employer, job title, business email address, physical business address, phone number, and similar contact information.
- Log In Data. This can include user names and tokenized passwords.
- Payment Data. Credit card number, bank information, and billing address (if purchasing via credit card).
- Registration Data. Product registration information, product interest information, transaction information. This may also include registration information provided to attend webinars and training, whether self-study or instructor-led, as well as attendance at Nintex events.
- Geolocation Data. Nintex sometimes collects geolocation data to provide you with enhanced services, based on your use of the Nintex Services.
- Devices, Usage and Transactional Data. We collect data related to how you access and use our products, services and websites, and analyze that usage data so we can improve the Nintex Services and your experience with the Nintex Services. Usage data may include information about your computer or mobile device’s operating system and browser type; your device type; details about how you are using Nintex Services; your Internet Protocol (IP) address; browser type and networking connection information; cookie information; file information; metadata; time stamped logs regarding access times and duration of visits; website visited before coming to a Nintex website, including pages you request, and other clickstream data.
- Third Party Data. Nintex may receive your Personal Data from third parties, including our suppliers, vendors or partners. If you connect with Nintex accounts on third party social media sites, then we may receive information about your social media accounts, for instance, your name, user name, public profile, photos, and email address. We may combine the information you provide with information that we collect automatically, and with data that we receive from third parties.
Some third parties, including analytics companies, advertisers, and ad networks, may automatically collect information about you through our websites using cookies, web beacons, and device identifiers. The information collected can include Personal Data about your online activities over time and across different websites, devices, online channels and applications. - Images, Videos, and Recordings. We may collect pictures, videos, or audio recordings of you. For example, if you attend a Nintex event, your image may be captured in a photo or video; or if you call Nintex Support, we may record the call after providing appropriate notice to you; or when you create a Nintex Community profile you may opt to include a photo.
If you decline to provide your personal information or ask us to delete it, we may be unable to continue to provide or support our products or services.
How We Use Your Personal Data
We use the Personal Data we collect for the purposes described in this Privacy Policy, and as covered in any Agreement that incorporates this Privacy Policy, or as otherwise disclosed to you in connection with the Nintex Services. For example, we use Personal Data to:
- Provide and deliver our products and services, including software updates.
- Maintain and improve our operations, systems, products, and services.
- Understand your preferences to enhance your experience.
- Respond to your questions and comments and to provide customer service.
- Provide service and support, such as sending confirmations, invoices, technical notices, updates, security alerts, administrative messages, and providing support and troubleshooting.
- Communicate with you and for referrals regarding any promotions, upcoming contests and events, and news about products and services offered by Nintex and selected partners.
- Link or combine information about you with Personal Data that we receive from third parties to help understand your needs and provide you with better and more personalized services.
- Enforce our terms and conditions, or protect our business, our partners, or our users.
- Detect, protect against, investigate, and deter fraudulent, unauthorized, or illegal activity.
- Comply with legal process and other lawful requests, and verification requests in connection with internal and external audits.
- For any other purpose disclosed to you in connection with our website or the Nintex Services
The Lawful Basis On Which We Use Your Data
We typically collect or use personal information only where we have your consent to do so, where we need the personal information to perform any of our Agreements with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may have a legal obligation to collect or retain personal information or may need the personal information to protect your vital interests or those of another person. In offering the Nintex Services, we rely on the following legal bases for the processing of Personal Data:
- To fulfill our responsibilities under the Agreements and to provide you with the Nintex Services.
- Any legitimate reason to collect and use your information, including, but not limited to, gathering usage data which can include Personal Data to improve our products and services, advising you about changes to this Privacy Policy or other Nintex policies; or promoting Nintex events and products, offers and promotions.
- Your consent to the use of your Personal Data, in which case you can withdraw consent by using the contact information included below.
- The necessity for Nintex to comply with a legal obligation, or to establish, exercise and defend Nintex from a legal claim.
- The necessity to respond to your requests.
- That you made your Personal Data public, for example by publicly posting on social media.
- Any other legal basis as permitted by applicable law
How We Secure Your Personal Data
Data security is very important to Nintex. We use appropriate technical and organizational measures to protect the Personal Data that we collect and process about you against accidental or intentional manipulation, loss, destruction, or other unauthorized access or disclosure. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information, but we cannot guarantee the absolute safety of Personal Data. If you have any questions about security on our Web site, you can contact us at security@nintex.com.
How We Share Your Personal Data
It is important to Nintex that we keep your Personal Data secure. In some circumstances and subject to compliance with applicable law, Nintex may share your Personal Data with third parties, for example:
- With your consent. Nintex may share your Personal Data when we have your permission and consent, including when you choose to comment on our blogs or in our community forums, or otherwise post information on the Nintex Community site.
- Business partner services. We share information with our trusted partners who work on behalf of Nintex to provide us with services. For example, we may share information with our certification partners, our data storage and data analysis providers, implementation, customer support, and marketing vendors, and software providers. These companies may use your Personal Data to perform services and to help Nintex communicate with you about offers from Nintex and our marketing partners. We maintain contracts with these companies that restrict their access, use and disclosure of Personal Data in compliance with this Privacy Policy and any legal obligation.
- Third Party Accounts. You may connect to third party accounts through the Nintex Services and partner ecosystem, and we may share some Personal Data with those third-party services. For example, information may be shared to authenticate you, or we may share your username and your preferences in connection with those services. These third-party accounts and services are not owned or controlled by Nintex, and they may have their own policies and practices for the collection and use of Personal Data. Please review the privacy policies of those third-party accounts to understand how they use your information.
- Merger, sale, or other business transfer. We may disclose information as part of a proposed or actual reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or a portion of Nintex’s business, assets, or stock; or in the event of insolvency or bankruptcy.
- For legal reasons. Nintex may disclose Personal Data if we have a good-faith belief that the access, use, preservation or disclosure of that Personal Data is reasonably necessary to: comply with any applicable law, regulation, legal process, or enforceable government request; enforce our Terms of Service, Agreements or any other applicable policy or agreement; detect, prevent, or otherwise address fraud, security or technical issues; or protect against harm to the rights, property, or safety of Nintex, our users, or the public as required or permitted by law.
- Aggregated and de- identified data. We may share de-identified data (i.e. data that can no longer be linked to an individual person) with others for a variety of purposes. For example, we may share data to show trends or benchmark performance indicators.
We may facilitate third party services or ways to share data through third parties, including social media platforms, websites, applications, and services through “plug-ins,” widgets, buttons, and other third-party features on and connected with our websites, communications, or products. Third parties whose services you use in connection with Nintex, for instance third party websites we link to, may have information practices that are different than ours. This Privacy Policy does not apply to the activities of third parties when they are collecting or using data for their own purposes or on behalf of others. We are not responsible for the activities of these third parties. We encourage you to review their privacy policies to understand how they use your information.
Cookies, Web Beacons, and Analytics
Like many companies, Nintex uses cookies and similar technologies, like web beacons and pixel tags, to collect additional information. Cookies are small files that may be downloaded onto your device. When you visit a Nintex website again, the cookie allows that site to recognize your browser. Cookies may store preferences, like language, as well as other information and settings. Web beacons and pixel tags are small pieces of code placed on a web page or within the body of an email in order to collect data about the visitors viewing a web page or opening an email. We also use a variety of analytics tools, including Google Analytics. Analytics tools help website and app owners like Nintex understand how visitors engage with our properties.
From time to time, we also partner with third parties who may place cookies on your browser when you visit our websites, and may use those cookies to provide track and collect information about you and your online activities over time and across different websites, devices and applications, and to offer advertising based on your interests and previous browsing history.
You can find out more about cookies, including how to see what cookies have been set and how to manage and delete them, at www.aboutcookies.org or www.allaboutcookies.org.
Do Not Track. Nintex does not respond to web browsers’ “do not track” signals. While some internet browsers offer a “do not track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked, these features are not yet uniform and there is no common standard that has been adopted by industry groups, technology companies or regulators. Therefore, we do not currently commit to responding to browsers’ DNT signals with respect to our websites.
Data Retention
We will retain your Personal Data for as long as your account is active or as needed to provide you services. We may also retain Personal Data in order protect our legal rights, comply with the legal requirements, or comply with record keeping requirements. We keep the data that we process on behalf of customers in accordance with our customers’ instructions. If you wish to request that we no longer use your information to provide you services, contact us at GDPR@nintex.com. Please keep in mind that we may need to keep your data to comply with our legal obligations, resolve disputes or enforce legal agreements.
Age Limitations
The Nintex Service is not directed at individuals under the age of 16 or such other age designated by applicable law (“minors”). We do not knowingly collect or ask for Personal Data from minors. If you learn that a minor has provided us with Personal Data, please contact us and we will take steps to delete that information.
Information for California Residents
Nintex does not sell (as that term is defined in the California Consumer Privacy Act, or CCPA) any personal information collected from consumers.
California law requires that we detail the categories of Personal Data that we collect, and the categories of personal data that we disclose for business purposes; those categories are:
- Identifiers;
- Commercial information;
- Internet or other electronic network activity information;
- Gelocation data;
- Financial information;
- Professional and employment related information;
- Education information;
- Inferences drawn from any of the above.
International Data Transfers and EU-U.S. Data Privacy Framework Principles
Nintex may transfer your data to a country other than where it was collected or where you reside. When we transfer Personal Data, we implement safeguards to ensure the adequate protection of the transferred Personal Data. For applicable data transfers, Nintex complies with the EU-U.S. Data Privacy Framework Principles (hereinafter “EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce, the European Commission, and the Swiss Administration, and the UK GDPR regarding the collection, use, and retention of Personal Data transferred from the EEA, the UK and Switzerland. In light of the invalidation of the Privacy Shield Framework by the Court of Justice of the EU on July 16, 2020, Nintex also uses other mechanisms to ensure the adequate protection of Personal Data. We offer a Data Protection Addendum (https://www.nintex.com/legal/data-protection-addendum) which incorporates EU Standard Contractual Clauses (“SCCs”). The European Commission has approved of the use of SCCs as an adequate cross-border data transfer mechanism.
Nintex complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Nintex has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Nintex has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/
Nintex is responsible under the EU-U.S. DPF, Swiss-U.S. DPF, and the UK Extension to the EU-U.S. DPF for the processing of Personal Data that it receives under the EU-U.S. DPF and subsequently transfers to third parties acting as agents on our behalf. If third party agents process Personal Data on our behalf in a manner inconsistent with the principles of EU-U.S. DPF, Swiss-U.S. DPF, and the UK Extension to the EU-U.S. DPF, we remain liable unless we prove we are not responsible for the event giving rise to the damage.
With respect to Personal Data received or transferred pursuant to the EU-U.S. DPF, Swiss-U.S. DPF, and the UK Extension to the EU-U.S. DPF, Nintex is subject to the regulatory enforcement powers of the Federal Trade Commission. In certain situations, Nintex may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement needs.
For unresolved privacy or data use concerns, Nintex has elected to cooperate with Data Protection Authorities (DPAs), and will cooperate with DPAs in the investigation and resolution of complaints brought under the Data Privacy Framework. Under certain conditions, more fully described on the Data Privacy Framework website (https://www.dataprivacyframework.gov/), you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Your Privacy Rights
Individuals located in certain jurisdictions, including the European Economic Area (“EEA”) the United Kingdom, have certain statutory rights in relation to their Personal Data. Subject to any exemptions provided by law, your rights may include the right to request access to information, as well as to seek the update, deletion, or correction of this information. You can usually do this using the settings and tools in the relevant Nintex Service or your Community, Customer Central, or Partner Portal account.
If you would like to exercise any of these rights, please contact us at GDPR@nintex.com. In your request, please describe the nature of your request, the Personal Data it relates to, and we will comply as soon as we reasonably can, and consistent with applicable law. Whether and how the right applies will depend on the applicable law, and in some situations the Personal Data is exempt from such requests. To the extent that your request includes certain types of Personal Data necessary to provide the Nintex Services, if you request the deletion of that Personal Data, you may no longer be able to access or use the Nintex Services.
Please also note that Nintex can only respond to these requests when we are the Controller of the Personal Data. This means that if we are processing data on behalf of our corporate customers, then that processing is governed by the agreement between Nintex and our customer, and requests for access, corrections, or deletions of that data should be directed to the Nintex customer, rather than Nintex. If you would like to know how a Nintex customer handles your Personal Data, please refer to that customer’s own privacy policy.
Opt-Out of Marketing Materials
You can choose to stop receiving our marketing materials by following the unsubscribe instructions included in the emails, or by visiting us at: https://info.nintex.com/Subscription-Center.html.
Links to Third Party Platforms
The Nintex Services may contain links to third party websites, online services, or social media platforms. The fact that we link to a website is not an endorsement or indication of affiliation with that third party website. We exercise no control over third party services or websites, and third-party services and websites have their own privacy policies, which may be different than ours.
This Privacy Policy does not apply to third party applications or software that integrate with the Nintex Services through the Nintex platform.
The Nintex Services do not retain user data obtained via third party applications or software, including but not limited to Google Workspace’s API, to develop, train, or improve generalized AI or ML models.
Notice to End Users
Many of our products and services are intended for use by organizations. When you use the Nintex Services through an organization (e.g. your employer), that organization may have access to certain information, such as username or training course completion. Please contact your organization for more information.
Changes to this Privacy Policy
We invite you to regularly visit this Privacy Policy in order to acquaint yourself with the latest, updated version of the Privacy Policy, so that you may remain constantly informed on how collect and use Personal Data.
How to Contact Us
Should you have any questions or suggestions regarding this Privacy Policy, or you wish to exercise your rights regarding your Personal Data, please contact us at the locations below. We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EEA, you have the right to lodge a complaint with the appropriate supervisory authority.
Americas
Nintex USA Inc.
10800 NE 8th Street, Suite 400
Bellevue, WA 98004
Phone: +1 (425) 324 2400
Europe
Nintex UK Ltd
Ground Floor
138 Fetter Lane
London, EC4A 1BT
United Kingdom
Phone: +44 (0) 20 3693 0200
Asia Pacific
Nintex Pty Ltd
Level 15
595 Collins Street
Melbourne 3000
Australia
Phone: +61 3 9912 1800