PRIVACY NOTICE

Privacy Commitment

We ask for only the least amount of information necessary, gathering only what we believe is essential for doing business, or for the specific transaction at hand. We let customers know the information we have on them and allow them to opt out of specific engagements. But, by far, our biggest commitment is that we do not make a single dollar from advertising revenue—never have, never will—even from the free editions of our products. This means we avoid the fundamental conflict of interest between gathering customer information and fueling advertising revenue, and the unavoidable compromises in customer privacy that it brings. The goal of this Notice is to make explicit the information we gather, how we will use it, and how we will not.

Scope

This Privacy Notice applies to:

• www.businessnext.com and sub-domains

• www.crmnext.us and sub-domains

• Cloud based Software as a Service (SaaS) managed by ACIDAES for customers, and Personally Identifiable Information / Personal Data provided by customers to ACIDAES.

• B2B Enterprise customers who have implemented any of the BusinessNext platform services and its products in the customer premises, the Data Processor responsibilities is limited only to the:

  • B2B customer points-of-contact personnel’s Personally Identifiable Information (PII) or Personal Data (PD) or Sensitive Personal Information (SPI) that the B2B customers provide to Acidaes.

  • PII or PD or SPI Acidaes comes into contact while accessing the customer on-premises systems to provide technical support.

  This Privacy Notice does not apply to any of our websites, products or services that have a separate privacy notice.

Part I – Information ACIDAES collects and controls, as a Data Controller

This part deals with how we collect and use information about website visitors, potential customers, users of ACIDAES' products and services, and others who contact us through forms or email addresses published on or linked to our websites.

Part II – Information that we process on your behalf (that is, the Information provided by our B2B customers), as a Data Processor

This part deals with how we handle data that you entrust to us when you use our products and services, or when you share any personal information with us while requesting customer support.

Part III – General

This part deals with topics that are relevant to both Parts I and II, and other general topics such as Acidaes' security commitments and how we will inform you when we change this Privacy Notice.

What information ACIDAES collects?

We collect information about you only if we need the information for some legitimate purpose. ACIDAES will have information about you only if (a) you have provided the information yourself, (b) ACIDAES has automatically collected the information, or (c) ACIDAES has obtained the information from a third party. Below we describe the various scenarios that fall under each of those three categories and the information collected in each one.

Information that you provide us

Account signup: At the time when customers express interest in attaining additional information or using our features and services offered by our site, we ask customers to register with us. The registration process collects personally identifiable information like contact information, name, company name and more. For the customers subscribing to our services, we provide a personal information-editing tool under the Setup that can be used to update profiles and confirm edits that have been made.

Event registrations and other form submissions: We record information that you submit when you (i) register for any event, including webinars or seminars, (ii) subscribe to our newsletter or any other mailing list, (iii) submit a form in order to download any product, whitepaper, or other materials, (iv) participate in contests or respond to surveys, or (v) submit a form to request customer support, get a quote or to contact Acidaes for any other purpose.

Testimonials: When you authorize us to post testimonials about our products and services on websites, we may include your name and other personal information in the testimonial. You will be given an opportunity to review and approve the testimonial before we post it. If you wish to update or delete your testimonial, you can contact us at [email protected].

Information that we collect automatically

• Information from browsers, devices and servers: When you visit our websites, we may collect information that web browsers, mobile devices and servers make available, such as the internet protocol address, browser type, language preference, time zone, referring URL, date and time of access, operating system, mobile device manufacturer and mobile network information. When collected, we include these in our log files to understand more about visitors to our websites.

• Information from cookies and tracking technologies: We may use temporary and permanent cookies to identify users of our services and to enhance user experience. We embed unique identifiers in our products to identity of users (to maintain sessions). We may also use cookies, beacons, tags, scripts, and other similar technologies to identify visitors, track website navigation, gather demographic information about visitors and users, understand email campaign effectiveness and for targeted visitor and user engagement by tracking your activities on our websites. We mostly use first-party cookies and do not use third-party cookies or other third-party tracking technologies on our websites for non-essential or intrusive tracking.

• Information from application logs and mobile analytics: We may collect information about your use of our products, services and mobile applications from application logs and in-house usage analytics tools and use it to understand how your use and needs can improve our products. This information may include clicks, scrolls, features accessed, access time and frequency, errors generated, performance data, storage utilized, user settings and configurations, and devices used to access and their locations.

• We provide multiple methods of authentication for which we use your information such as User ID, browser, device-type, IP address to verify your identity and provide a safe and secure use of the services of our products.

Information that we collect from third parties

• Signups using federated authentication service providers: You can log in to Acidaes services using supported federated authentication service providers such as LinkedIn, Microsoft and Google. These services will authenticate your identity and give you the option to share certain personal information with us, such as your name and email address.

• Referrals : If someone has referred any of our products or services to you through any of our referral programs, that person may have provided us your name, email address and other personal information. You may contact us at [email protected] to request that we remove your information from our database. If you provide us information about another person, or if another person gives us your information, we will only use that information for the specific reason for which it was provided to us.

• Information from our service providers: If you register for or attend an event that is sponsored by Acidaes, the event organizer may share your information with us.

• Information from social media sites and other publicly available sources : When you provide feedback or reviews about our products, interact, or engage with us on marketplaces, review sites or social media sites such as X, LinkedIn and Instagram through posts, comments, questions and other interactions, we may collect such publicly available information, including profile information, to allow us to connect with you, improve our products, better understand user reactions and issues, or to reproduce and publish your feedback on our websites. We must tell you that once collected, this information may remain with us even if you delete it from these sites. Acidaes may also add and update information about you, from other publicly available sources.

Purposes for using information

In addition to the purposes mentioned above, we may use your information for the following purposes:

• Acidaes uses the information collected to set up services for individuals and their organizations. We also use the information to contact customers for discussions and making them aware about our product & services. Customers can receive our email newsletter by providing an email address. If you wish to discontinue receiving email communications you can opt out by sending a mail to [email protected].

• To keep you posted on new products and services, upcoming events, and other information that we think will be of interest to you;

• To ask you to participate in surveys, or to solicit feedback on our products and services;

• To understand how users use our products and services, to monitor and prevent problems, and to improve our products and services;

• To detect and prevent fraudulent transactions and other illegal activities, to report spam, and to protect the rights and interests of Acidaes, Acidaes users, and customers

Legal bases for collecting and using information

Legal processing bases applicable to Acidaes: If you are an individual from the European Economic Area (EEA), our legal basis for information collection and use depends on the personal information concerned and the context in which we collect it. Most of our information collection and processing activities are typically based on (i) contractual necessity, (ii) one or more legitimate interests of Acidaes that are not overridden by your data protection interests, or (iii) your consent. Sometimes, we may be legally required to collect your information, or may need your personal information to protect your vital interests or those of another person.

Withdrawal of consent: Where we rely on your consent as the legal basis, you have the right to withdraw your consent at any time, but this will not affect any processing that has already taken place.

Legitimate interests notice: Where we rely on legitimate interests as the legal basis and those legitimate interests are not specified above, we will clearly explain to you what those legitimate interests are at the time that we collect your information.

Your choice in information use

Opt-out of non-essential electronic communications: You may opt out of receiving newsletters and other non-essential messages by using the ‘unsubscribe’ function included in all such messages. However, you will continue to receive essential notices and emails such as account notification emails (password change, renewal reminders, etc.), security incident alerts, security and privacy update notifications, and essential transactional and payment related emails.

Disable cookies: You can disable browser cookies before visiting our websites. However, if you do so, you may not be able to use certain features of the websites or products properly.

Optional information: You can always choose not to fill in non-mandatory fields when you submit any form linked to our websites or products.

Who we share your information with

We DO NOT SELL any personal information. We share your information only in the ways that are described in this Privacy Notice, and only with parties who adopt appropriate confidentiality and security measures.

Employees and independent contractors: Employees and independent contractors of relevant Acidaes group entities have access to the information covered in Part I on a need-to-know basis. We require all employees and independent contractors of Acidaes group entities to follow this Privacy Notice for personal information that we share with them.

Third-party service providers: We may need to share your personal information and aggregated or de-identified information with third-party service providers that we engage, such as marketing and advertising partners, event organizers, web analytics providers and payment processors. These service providers are authorized to use your personal information only as necessary to provide these services to us.

Other cases: Other scenarios in which we may share the same information covered under Parts I and II are described in Part III.

Your rights with respect to information we hold about you as a Data Controller

You have the following rights with respect to information that Acidaes holds about you. Acidaes undertakes to provide you the same rights no matter where you choose to live.

Right to access: You have the right to access (and obtain a copy of, if required) the categories of personal information that we hold about you, including the information's source, purpose and period of processing, and the persons to whom the information is shared.

Right to rectification: You have the right to update the information we hold about you or to rectify any inaccuracies. Based on the purpose for which we use your information, you can instruct us to add supplemental information about you in our database.

Right to erasure: You have the right to request that we delete your personal information in certain circumstances, such as when it is no longer necessary for the purpose for which it was originally collected.

Right to restriction of processing: You may also have the right to request to restrict the use of your information in certain circumstances, such as when you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Right to data portability: You have the right to transfer your information to a third party in a structured, commonly used and machine-readable format, in circumstances where the information is processed with your consent or by automated means.

Right to object: You have the right to object to the use of your information in certain circumstances, such as the use of your personal information for direct marketing.

Right to complain: You have the right to complain to the appropriate supervisory authority if you have any grievance against the way we collect, use or share your information. This right may not be available to you if there is no supervisory authority dealing with data protection in your country.

Retention of information

We retain your personal information for as long as it is required for the purposes stated in this Privacy Notice. Sometimes, we may retain your information for longer periods as permitted or required by law, such as to maintain suppression lists, prevent abuse, if required in connection with a legal claim or proceeding, to enforce our agreements, for tax, accounting, or to comply with other legal obligations. When we no longer have a legitimate need to process your information, we will delete or anonymize your information from our active databases. We will also securely store the information and isolate it from further processing on backup discs until deletion is possible.

Information entrusted to Acidaes and purpose

Information provided in connection with services: You may entrust information that you or your organization (“you”) Control, to Acidaes in connection with use of our services or for requesting technical support for our products. This includes information regarding your customers and your employees (if you are a Data Controller) or data that you hold and use on behalf of another person for a specific purpose, such as a customer to whom you provide services (if you are a processor). The data may either be stored on our servers when you use our services or transferred or shared to us as part of a request for technical support or other services.

Information from mobile devices: When you elect to allow it, some of our mobile applications have access to select information stored on your mobile device. Our applications require such access to provide their services. Similarly, when you elect to provide access, location-based information is also collected for providing services under the Contract. This information may be exclusively shared with mapping providers and will be used only for mapping user locations. You may disable the mobile applications' access to this information at any time by editing the settings on your mobile device. The data stored on your mobile device and their location information to which the mobile applications have access will be used in the context of the mobile application and transferred to and associated with your account in the corresponding services (in which case the data will be stored on our servers).

Ownership and control of your Service Data

All the information entrusted to Acidaes is collectively termed “Service Data”

We recognize that you own your Service Data. We provide you complete control of your Service Data by providing you the ability to (i) access your service data and (ii) request export or deletion of your Service Data.

How we use service data

We process your Service Data when you provide us instructions through the various modules of our services.

Who we share Service Data with

Acidaes group and third-party sub-processors: In order to provide services and technical support for our products as agreed in the contract, the contracting entity within the Acidaes group engages other group entities and third parties such as Amazon Web Services (AWS) and Google Cloud Platform (GCP).

Employees and independent contractors: We may provide access to your service data to our employees and individuals who are independent contractors of the Acidaes group entities involved in providing the services (collectively our “employees”) so that they can perform services agreed within the Contract with you. We ensure that access by our employees to your service data is restricted to specific individuals and is logged and audited. Our employees will also have access to data that you knowingly share with us for technical support or to import data into our products or services. We communicate our privacy and security guidelines to our employees and strictly enforce privacy safeguards within the Acidaes group.

Collaborators and other users: Some of our products or services allow you to collaborate with other users or third parties. Initiating collaboration may enable other collaborators to view some or all of your profile information. For example, when you edit a document that you have shared with other persons for collaboration, your name and profile picture will be displayed next to your edits to allow your collaborators to know that you made those edits.

Third-party integrations you have enabled: Most of our products and services support integrations with third-party products and services. If you choose to enable any third-party integrations, you may be allowing the third party to access your service data and personal information about you. We encourage you to review the privacy practices of the third-party services and products before you enable integrations with them.

Other cases: Other scenarios in which we may share information that are common to information covered under Parts I and II are described in Part III.

Retention of information

We hold the data in your account as long as you choose to use Acidaes Services. On termination of the Contract, Acidaes deletes your data from the active database and backups in thirty (30) days from the date of termination of the Contract.

How secure is your information

At Acidaes, we take data security very seriously. That's why we have gotten certified for industry standards mentioned here. We have taken steps to implement appropriate administrative, technical & physical safeguards to prevent unauthorized access, use, modification, disclosure or destruction of the information you entrust to us. If you have any concerns regarding the security of your data, we encourage you to write to us at [email protected] with any questions.

Data Protection Officer

We have appointed a Data Protection Officer to oversee our management of your Privacy in accordance with global privacy regulations this Privacy Notice. If you have any questions or concerns about our privacy practices with respect to your personal information, you can reach out to our Data Protection Officer by sending an email to [email protected].

Locations and international transfers

Applicable to B2B customers (users of Acidaes Cloud SaaS): Acidaes relies on the Processing Instructions of the customers.

We process your PII and Service Data within the Acidaes Group and with third parties such as AWS and GCP. Acidaes hosts the customer service in the Regions catered to by Cloud Service Providers such as AWS and GCP. If you the data-origin-country does not have an AWS or GCP Region, we will communicate to you in writing the location of hosting (outside the data-origin-country). Such transfers are subject to appropriate data protection agreements such as a group company agreement that is based on EU Commission’s Standard Contractual Clauses (SCC) for data processing activities.

To enable you to be compliant with your data protection obligations, write to [email protected] for obtaining a copy of the Acidaes Data Processing Addendum (DPA) and SCC.

Applicable to website visitors: We process your PII within the Acidaes Group and with third parties such as Web Hosting Service Providers for visitors of our websites such as www.businessnext.com and www.crmnext.us. By accessing or using our products and services or otherwise providing PII to us, you understand that the processing, transfer, and storage of your PII is likely to be outside your country.

Automation and Artificial Intelligence

In order to provide enhanced productivity and predictive capabilities to our users, we employ a variety of technologies such as regex parsing, template matching, artificial intelligence and machine learning. In keeping with Acidaes' promise not to exploit your data in a way that is not respectful of your privacy and confidentiality expectations by analyzing your Service Data only for your purposes.

Disclosures in compliance with legal obligations

We may be required by law to preserve or disclose your PII and Service Data to comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements.

Enforcement of our rights

We may disclose PII and Service Data to a third party if we believe that such disclosure is necessary for preventing fraud, security or privacy breaches, spam filtering, investigating any suspected illegal activity, enforcing our agreements or policies, or protecting the safety of our users.

Business Transfers

We do not intend to sell our business. However, in the unlikely event that we sell our business or get acquired or merged, we will ensure that the acquiring entity is legally bound to honor our commitments to you. We will notify you via email or through a prominent notice on our website of any change in ownership or in the uses of your personal information and service data. We will also notify you about any choices you may have regarding your personal information and service data.

Compliance with this Privacy Notice

We make every effort, including periodic reviews, to ensure that personal information you provide is used in conformity with this Privacy Notice. If you have any concerns about our adherence to this Privacy Notice or the manner in which your personal information is used, kindly write to us [email protected] We'll contact you, and if required, coordinate with the appropriate regulatory authorities to effectively address your concerns.

Notification of changes

Applicable for B2B customers: PII is protected using technological security controls. At Acidaes, we continually strive to upgrade the security posture and controls. Check us out here for our latest in Privacy. We will email you when there are material changes to this Notice or the security posture that reduce the strength of the security controls.

Applicable to website visitors: Please check us out here for any changes to this Privacy Notice.

If you have any questions, please write to [email protected].