Effective Date: June 1, 2022
Collection of Personal Data
In order to provide and continually improve the Nintex Services, we collect information which may include Personal Data. Our collection practices are intended for interaction in the business environment. In most cases, you will voluntarily provide your Personal Data. For example, we collect personal information through your registration for and use of the Nintex Services; when you use or visit Nintex sites, attend a Nintex event, or participate in the Nintex Community. We may also receive Personal Data from our third-party partners. If you are a Nintex Partner or vendor, we may also collect your personal information. If you have other agreements with Nintex, then those agreements control with respect to their subject matter.
We also collect information that you voluntarily provide by subscribing to Nintex marketing communications, registering for events, or providing testimonials for our use on our Websites or other promotional materials. Information you directly provide to us include your personal identification data (for example, name, surname) and contact information (phone, email, address, country). Additional transaction and billing information is also required when procuring Services or registering for a Nintex fee-based event.
When using the Nintex Services or interacting with Nintex, please keep in mind that Nintex does not solicit, does not require, and you should not disclose to Nintex, any sensitive Personal Data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership).
The type of information that we collect depends on your interaction with us and the Nintex Services, and may include:
- Contact Data. Name, employer, job title, business email address, physical business address, phone number, and similar contact information.
- Log In Data. This can include user names and tokenized passwords.
- Payment Data. Credit card number, bank information, and billing address (if purchasing via credit card).
- Registration Data. Product registration information, product interest information, transaction information. This may also include registration information provided to attend webinars and training, whether self-study or instructor-led, as well as attendance at Nintex events.
- Geolocation Data. Nintex sometimes collects geolocation data to provide you with enhanced services, based on your use of the Nintex Services.
- Devices, Usage and Transactional Data. We collect data related to how you access and use our products, services and websites, and analyze that usage data so we can improve the Nintex Services and your experience with the Nintex Services. Usage data may include information about your computer or mobile device’s operating system and browser type; your device type; details about how you are using Nintex Services; your Internet Protocol (IP) address; browser type and networking connection information; cookie information; file information; metadata; time stamped logs regarding access times and duration of visits; website visited before coming to a Nintex website, including pages you request, and other clickstream data.
- Third Party Data. Nintex may receive your Personal Data from third parties, including our suppliers, vendors or partners. If you connect with Nintex accounts on third party social media sites, then we may receive information about your social media accounts, for instance, your name, user name, public profile, photos, and email address. We may combine the information you provide with information that we collect automatically, and with data that we receive from third parties.
Some third parties, including analytics companies, advertisers, and ad networks, may automatically collect information about you through our websites using cookies, web beacons, and device identifiers. The information collected can include Personal Data about your online activities over time and across different websites, devices, online channels and applications.
- Images, Videos, and Recordings. We may collect pictures, videos, or audio recordings of you. For example, if you attend a Nintex event, your image may be captured in a photo or video; or if you call Nintex Support, we may record the call after providing appropriate notice to you; or when you create a Nintex Community profile you may opt to include a photo.
If you decline to provide your personal information or ask us to delete it, we may be unable to continue to provide or support our products or services.
How We Use Your Personal Data
- Provide and deliver our products and services, including software updates.
- Maintain and improve our operations, systems, products, and services.
- Understand your preferences to enhance your experience.
- Respond to your questions and comments and to provide customer service.
- Provide service and support, such as sending confirmations, invoices, technical notices, updates, security alerts, administrative messages, and providing support and troubleshooting.
- Communicate with you and for referrals regarding any promotions, upcoming contests and events, and news about products and services offered by Nintex and selected partners.
- Link or combine information about you with Personal Data that we receive from third parties to help understand your needs and provide you with better and more personalized services.
- Enforce our terms and conditions, or protect our business, our partners, or our users.
- Detect, protect against, investigate, and deter fraudulent, unauthorized, or illegal activity.
- Comply with legal process and other lawful requests, and verification requests in connection with internal and external audits.
- For any other purpose disclosed to you in connection with our website or the Nintex Services
The Lawful Basis On Which We Use Your Data
We typically collect or use personal information only where we have your consent to do so, where we need the personal information to perform any of our Agreements with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may have a legal obligation to collect or retain personal information or may need the personal information to protect your vital interests or those of another person. In offering the Nintex Services, we rely on the following legal bases for the processing of Personal Data:
- To fulfill our responsibilities under the Agreements and to provide you with the Nintex Services.
- Your consent to the use of your Personal Data, in which case you can withdraw consent by using the contact information included below.
- The necessity for Nintex to comply with a legal obligation, or to establish, exercise and defend Nintex from a legal claim.
- The necessity to respond to your requests.
- That you made your Personal Data public, for example by publicly posting on social media.
- Any other legal basis as permitted by applicable law
How We Secure Your Personal Data
Data security is very important to Nintex. We use appropriate technical and organizational measures to protect the Personal Data that we collect and process about you against accidental or intentional manipulation, loss, destruction, or other unauthorized access or disclosure. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information, but we cannot guarantee the absolute safety of Personal Data. If you have any questions about security on our Web site, you can contact us at firstname.lastname@example.org.
How We Share Your Personal Data
It is important to Nintex that we keep your Personal Data secure. In some circumstances and subject to compliance with applicable law, Nintex may share your Personal Data with third parties, for example:
- With your consent. Nintex may share your Personal Data when we have your permission and consent, including when you choose to comment on our blogs or in our community forums, or otherwise post information on the Nintex Community site.
- Third Party Accounts. You may connect to third party accounts through the Nintex Services and partner ecosystem, and we may share some Personal Data with those third-party services. For example, information may be shared to authenticate you, or we may share your username and your preferences in connection with those services. These third-party accounts and services are not owned or controlled by Nintex, and they may have their own policies and practices for the collection and use of Personal Data. Please review the privacy policies of those third-party accounts to understand how they use your information.
- Merger, sale, or other business transfer. We may disclose information as part of a proposed or actual reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or a portion of Nintex’s business, assets, or stock; or in the event of insolvency or bankruptcy.
- For legal reasons. Nintex may disclose Personal Data if we have a good-faith belief that the access, use, preservation or disclosure of that Personal Data is reasonably necessary to: comply with any applicable law, regulation, legal process, or enforceable government request; enforce our Terms of Service, Agreements or any other applicable policy or agreement; detect, prevent, or otherwise address fraud, security or technical issues; or protect against harm to the rights, property, or safety of Nintex, our users, or the public as required or permitted by law.
- Aggregated and de- identified data. We may share de-identified data (i.e. data that can no longer be linked to an individual person) with others for a variety of purposes. For example, we may share data to show trends or benchmark performance indicators.
Cookies, Web Beacons, and Analytics
From time to time, we also partner with third parties who may place cookies on your browser when you visit our websites, and may use those cookies to provide track and collect information about you and your online activities over time and across different websites, devices and applications, and to offer advertising based on your interests and previous browsing history.
Do Not Track. Nintex does not respond to web browsers’ “do not track” signals. While some internet browsers offer a “do not track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked, these features are not yet uniform and there is no common standard that has been adopted by industry groups, technology companies or regulators. Therefore, we do not currently commit to responding to browsers’ DNT signals with respect to our websites.
We will retain your Personal Data for as long as your account is active or as needed to provide you services. We may also retain Personal Data in order protect our legal rights, comply with the legal requirements, or comply with record keeping requirements. We keep the data that we process on behalf of customers in accordance with our customers’ instructions. If you wish to request that we no longer use your information to provide you services, contact us at GDPR@nintex.com. Please keep in mind that we may need to keep your data to comply with our legal obligations, resolve disputes or enforce legal agreements.
The Nintex Service is not directed at individuals under the age of 16 or such other age designated by applicable law (“minors”). We do not knowingly collect or ask for Personal Data from minors. If you learn that a minor has provided us with Personal Data, please contact us and we will take steps to delete that information.
Information for California Residents
Nintex does not sell (as that term is defined in the California Consumer Privacy Act, or CCPA) any personal information collected from consumers.
California law requires that we detail the categories of Personal Data that we collect, and the categories of personal data that we disclose for business purposes; those categories are:
- Commercial information;
- Internet or other electronic network activity information;
- Gelocation data;
- Financial information;
- Professional and employment related information;
- Education information;
- Inferences drawn from any of the above.
International Data Transfers and Privacy Shield Notice
Nintex may transfer your data to a country other than where it was collected or where you reside. When we transfer Personal Data, we implement safeguards to ensure the adequate protection of the transferred Personal Data. For applicable data transfers, Nintex continues to comply with the EU-U.S. Privacy Shield Framework (hereinafter “Framework”) and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce, the European Commission, and the Swiss Administration, and the UK GDPR regarding the collection, use, and retention of Personal Data transferred from the EEA, the UK and Switzerland. In light of the invalidation of the Framework by the Court of Justice of the EU on July 16, 2020, Nintex also uses other mechanisms to ensure the adequate protection of Personal Data. We offer a Data Protection Addendum (https://www.nintex.com/legal/data-protection-addendum) which incorporates EU Standard Contractual Clauses (“SCCs”). The European Commission has approved of the use of SCCs as an adequate cross-border data transfer mechanism.
Nintex is responsible under the Principles for the processing of Personal Data that it receives under the Privacy Shield and subsequently transfers to third parties acting as agents on our behalf. If third party agents process Personal Data on our behalf in a manner inconsistent with the principles of either Privacy Shield framework, we remain liable unless we prove we are not responsible for the event giving rise to the damage.
With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, Nintex is subject to the regulatory enforcement powers of the Federal Trade Commission. In certain situations, Nintex may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement needs.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield. Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Your Privacy Rights
Individuals located in certain jurisdictions, including the European Economic Area (“EEA”) the United Kingdom, have certain statutory rights in relation to their Personal Data. Subject to any exemptions provided by law, your rights may include the right to request access to information, as well as to seek the update, deletion, or correction of this information. You can usually do this using the settings and tools in the relevant Nintex Service or your Community, Customer Central, or Partner Portal account.
If you would like to exercise any of these rights, please contact us at GDPR@nintex.com. In your request, please describe the nature of your request, the Personal Data it relates to, and we will comply as soon as we reasonably can, and consistent with applicable law. Whether and how the right applies will depend on the applicable law, and in some situations the Personal Data is exempt from such requests. To the extent that your request includes certain types of Personal Data necessary to provide the Nintex Services, if you request the deletion of that Personal Data, you may no longer be able to access or use the Nintex Services.
Opt-Out of Marketing Materials
You can choose to stop receiving our marketing materials by following the unsubscribe instructions included in the emails, or by visiting us at: https://info.nintex.com/Subscription-Center.html.
Links to Third Party Platforms
The Nintex Services may contain links to third party websites, online services, or social media platforms. The fact that we link to a website is not an endorsement or indication of affiliation with that third party website. We exercise no control over third party services or websites, and third-party services and websites have their own privacy policies, which may be different than ours.
Notice to End Users
Many of our products and services are intended for use by organizations. When you use the Nintex Services through an organization (e.g. your employer), that organization may have access to certain information, such as username or training course completion. Please contact your organization for more information.
How to Contact Us
Nintex USA Inc.
10800 NE 8th Street, Suite 400
Bellevue, WA 98004
Phone: +1 (425) 324 2400
Nintex UK Ltd
138 Fetter Lane
London, EC4A 1BT
Phone: +44 (0) 20 3693 0200
Nintex Pty Ltd
595 Collins Street
Phone: +61 3 9912 1800