General Privacy Policy

Effective: December 20, 2022

I. Introduction

Cyxtera Technologies, Inc. and its affiliates (collectively “Cyxtera,” “Group,” “we,” “us,”) is a global leader in data center colocation services, ranking as the largest private retail colocation company in the world and among the largest worldwide retail colocation providers overall.

This General Privacy Policy addresses the privacy rights of individuals who:

  • visit or use our Websites;
  • interact with us on behalf of a Customer in connection with the provision of our Services;
  • interact with us on behalf of a Service Provider in connection with the products and services our Service Provider provides to us;
  • interact with us on behalf of a business partner in connection with our relationship with the business partner;
  • apply to work with us;
  • receive marketing communications from us; and/or
  • interact with us by registering for, attending and/or otherwise taking part in our trade events, webinars, or conferences or who communicate with us via email, phone, or in-person.

This General Privacy Policy, along with our GDPR Privacy Policy and Privacy Shield Policy set forth at the links below, is designed to assist individuals and businesses that interact with us to understand the types of Personal Data we collect, how that Personal Data is Processed, and the practices we have adopted to protect Personal Data. If your Personal Data is Processed by us in the EEA or the UK or if you are a resident of the EEA or the UK and subject to GDPR protections, please click here to view our GDPR Privacy Policy for data processing in the EEA/UK.

Although Cyxtera no longer relies on the Privacy Shield Framework as a lawful transfer mechanism but instead relies on the European Union (“EU”), the UK or Swiss Standard Contractual Clauses, our Affiliates in the U.S. remain subject to the regulatory enforcement powers of the U.S. Federal Trade Commission with respect to Personal Data that was transferred to them pursuant to the Privacy Shield Framework. Please click here to view our Privacy Shield Policy covering Personal Data transferred from the EEA/UK/Switzerland to the United States pursuant to the effective Privacy Shield framework.

In the event of a conflict between the GDPR Privacy Policy and the General Privacy Policy, the GDPR Privacy Policy will prevail. In the event of a conflict between the General Privacy Policy or GDPR Privacy Policy and the Privacy Shield Policy, the Privacy Shield Policy, where applicable, will prevail.

II. Definitions

CCPA” means the California Consumer Privacy Act, as amended, and its implementing regulations.

Controller” means a person or organization that, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.

Customer” means a business that has, formerly had, or is contemplating purchasing or using our Services.

GDPR” means the EU General Data Protection Regulation 2016/679.

Personal Data” means any information relating to an identified or identifiable natural person. the Personal Data we collect may include:

  • Identifiers (e.g. name, postal address, email address, phone number, IP address, account name and login information, government identification number, etc.)
  • Demographic Information (e.g. race, color, national origin, religion, sex, age, disability, etc.)
  • Commercial Information (e.g. records of purchases or transactions, payment history, etc.)
  • Financial Information (e.g. account number, debit card or credit card number, etc.)
  • Biometric data (e.g. fingerprints, DNA, retinal scan, voice recording, etc.)
  • Electronic Network Activity Information (e.g. browsing history, search history, etc.)
  • Geolocation data
  • Audio, electronic, visual, thermal, olfactory, or similar information
  • Education and Work history (e.g. schools attended, degrees earned, past employers, etc.)
  • Medical Information (e.g. medical history, health insurance information)

Privacy Policy” means this General Privacy Policy, the GDPR Privacy Policy and the Privacy Shield Policy, collectively.

Process” and “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.

Processor” means a person or organization that engages in Processing.

Representative” means an individual who (i) acts on behalf of a Customer, including, a Customer’s employees, agents, and representatives, (ii) acts on behalf of a Service Provider, including, a Service Provider’s employees, agents, and representatives, (iii) acts on behalf of a business partner, including a business partner’s employees, agents, and representatives or (iv) otherwise interacts with us in any manner, for example through our Website, in emails, phone calls, or in-person interaction.

Sensitive Personal Information” includes, but may not be limited to, Personal Data defined as special category data under the GDPR or as sensitive personal information under the CCPA, which includes among others, information about health, government-issued identification numbers, precise geolocation, genetic data, biometric data for uniquely identifying an individual, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information about an individual’s sex life or sexual orientation.

Service Provider” means a supplier, subcontractor, vendor, or other third party who provides services to us.

Services” means the products and services provided by us, including, but not limited to, colocation and other data center services, fraud detection software and services, website accessibility compliance software and services, data analytics services, and cybersecurity software and services.

Website” means all of the websites and mobile applications maintained by us that display a link to the General Privacy Policy, the GDPR Privacy Policy, and/or Privacy Shield Policy.

Website Visitor” means an individual who visits the Website.

III. Personal Data Collected

For our Customers, we may collect the Personal Data of your Representatives (e.g., name, job title, business contact details, etc.) when your Representatives inquire about, negotiate, purchase, or use any of our Services on your behalf.

For our Service Providers, we may collect the Personal Data of your Representatives when we inquire about or purchase services from you to support our business operations. Personal Data collected may include Identifiers, Financial Information, and Geolocation Data.

For our business partners, we may collect the Personal Data of your Representatives in connection with our interactions with you. Personal Data collected may include Identifiers, Financial Information, and Geolocation Data.

For prospective employees, we may collect your Personal Data when you visit, browse, or register on our Websites, when you submit an application for employment, when you provide additional Personal Data during the application and interview process, when you speak to our employees during your interview process, and when you otherwise provide or authorize us to collect your Personal Data during the application and interview process. Personal Data collected as part of the application process may include Identifiers and your Education and Work History.

For our Website Visitors, we may collect certain Personal Data from you when you visit, browse, register on our Websites, complete a form on our Websites, or engage in online support received through our Websites. We may also collect certain information about your session when you visit our Websites, including internet protocol (IP) addresses, browser type, internet service provider, referring/exit pages, operating system, date/time stamp and clickstream data, as further outlined in Section VI below.

We may also collect the Personal Data of Representatives if they (i) register for a trade event, webinar, or conference hosted by us, (ii) download or request content and information regarding our Services, (iii) complete a survey or form, (iv) request online support through our Websites, or (v) receive marketing communications from us.

IV. Purpose of Personal Data Collection and Processing

We collect and Process Personal Data for the following purposes:

  • To administer and process transactions related to the Services we provide;
  • To provide, assess, and improve our customer support and customer service;
  • To personalize your experience using our Services or Websites;
  • To communicate with you during contract negotiations or post-contract support;
  • To fulfill a legal obligation or to protect our rights;
  • To comply with applicable laws and regulations;
  • To advise you of additional or new Services that may be of interest to your company;
  • To administer and manage Service Providers;
  • To work with business partners;
  • To improve and protect the integrity and security of our Services and our Websites;
  • To enforce any applicable contracts;
  • To administer a contest, promotion, survey, event, conference, webinar, or other website feature;
  • To consider you for employment;
  • To send periodic communications (the contact information that you provide may be used to send you information, including marketing, respond to inquiries, and/or other requests or questions);
  • In an emergency, where the health or security of an individual may be endangered;
  • In the event of a corporate reorganization, including, but not limited to, merger, acquisition, or sale; and
  • For any other purpose for which you have been notified, and if legally required where appropriate consent has been obtained.

If you receive marketing communications from us by email, we seek your opt-in consent to send you such communications by email in jurisdictions where that is required. If we track whether or not you open any such email, we seek your opt-in consent to do so in jurisdictions where that is required. You may, in any event, unsubscribe from the receipt of future electronic communications from us by clicking on the “unsubscribe” link provided in such communications or by emailing unsubscribe@cyxtera.com .

V. Security

We implement a variety of security measures designed to maintain the safety of your Personal Data when you enter, submit, or access your Personal Data, or when it is otherwise collected or Processed by us. We take reasonable and appropriate measures to secure your Personal Data.

VI. Cookies and Other Technologies

When you visit our Websites, open an email that we send you, or interact with the communication features on our Websites, we may collect information about your usage or device by automated means or by using technologies such as cookies, web server logs, and web beacons. Please view Cyxtera’s Cookie Policy for information on our practices in relation to the use of these technologies.

At this time, we are not in a position to honor “do not track” signals from website browsers. However, you may refuse or delete cookies. If you do so, some of the functionality of our Website may be impaired. Additionally, you may still be identifiable and your usage may still be trackable by other means. Please refer to your browser’s “Help” instructions to learn more about how to manage cookies and the use of similar technologies.

VII. Disclosures of Personal Data

Except as otherwise detailed herein, we do not sell, disclose, or otherwise transfer Personal Data we have collected from you to outside parties.

  1. Service Providers. We share Personal Data with Service Providers that we have retained to perform certain services and functions on our behalf, and these Service Providers have agreed to use the Personal Data solely as necessary to perform the services and functions in accordance with our instructions and subject to appropriate nondisclosure limitations.
  2. Business Partners. We may share your Personal Data with trusted business partners pursuant to our contractual arrangements with them, which will include appropriate safeguards to protect any Personal Data that we share with these partners. These may be third parties that organize tradeshows, third party consultants and experts, and auditors.
  3. Affiliated Entities. We share Personal Data with entities that are under our common ownership or control (our “Affiliates”). Subject to local requirements, this Personal Data may be used to provide Services offered by our Affiliates, for Affiliates to provide support to the Affiliated entity that is sharing the Personal Data, or for any other purposes described herein. For example, our Affiliates may share Personal Data with one another about our Customers, Service Providers, business partners, Representatives, prospective employees, and Website Visitors for direct marketing purposes.
  4. Payment Processing. We work with a payment processing partner to process certain credit card payments. If you make a credit card payment to us, our payment processing provider will store your full name and credit card details.
  5. Fraud Prevention and Protection of Legal Rights. We may use and disclose Personal Data to the appropriate legal, judicial, or law enforcement authorities and our advisors and investigators: (i) when we believe, in our sole discretion, that such disclosure is necessary to investigate, prevent, or respond to suspected illegal or fraudulent activity or to protect our safety, rights, or property and those of each of our Customers, Service Providers, business partners, Representatives, Website Visitors, prospective employees, or others; (ii) when we suspect abuse of the Website or Services or unauthorized access to any system, spamming, denial of service attacks, or similar attacks; (iii) to exercise or protect legal rights or defend against legal claims; or (iv) to allow us to pursue available remedies or limit the damages that we may sustain.
  6. Law Enforcement. We may have to disclose the Personal Data of our Customers, Service Providers, business partners, Representatives, prospective employees, Website Visitors, or others if a court, law enforcement, or other public or government authority with appropriate competency requests that we provide that Personal Data and we believe, in our reasonable discretion, that such request was made in compliance with applicable law.
  7. Corporate Reorganization. We may share your Personal Data with a third party in the case of the reorganization, sale, merger, joint venture, assignment, transfer or other disposition of all or any portion of our business, asset or stocks, including in the event of bankruptcy or corporate restructuring. Any Personal Data that an individual submits or that is collected after the reorganization may be subject to a new privacy policy adopted by the successor entity, of which we will inform, where required.

VIII. Retention

We will keep the Personal Data that we collect for as long as is reasonably necessary to achieve the purpose for which you provided it, or to the extent necessary for us to protect our rights, or as required by applicable laws.

IX. Collection of Personal Data from Children

Our Websites are intended for individuals 18 years of age and older. They are not directed at, marketed to, nor intended for, children under 18 years of age. We do not knowingly collect any information, including Personal Data, from children under 18 years of age. If you believe that we have inadvertently collected Personal Data from a child under the age of 18, please contact us at the email address in Section XI below, and we will take immediate steps to delete it.

X. Changes to Privacy Policy

When we change this General Privacy Policy, including the GDPR Privacy Policy or Privacy Shield Policy, we will update the “Effective Date” or the “Last Updated Date” for this General Privacy Policy and/or the “Effective Date” or the “Last Updated Date” for the respective GDPR Privacy Policy or Privacy Shield Policy portions. We encourage you to view this General Privacy Policy, including the GDPR Privacy Policy and Privacy Shield Policy, when interacting with us to ensure you are aware of the current terms. We will provide adequate notice of any material changes and obtain your consent when legally required when making such changes to this General Privacy Policy, including the GDPR Privacy Policy and Privacy Shield Policy.

XI. Inquiries/Contact Us

You may have rights regarding your Personal Data depending on where you are and where your Personal Data is Processed. Please contact us at the email address below if you have questions in this regard or if you wish to update your Personal Data. Please note that if you have an account with us, you may update certain information through that account. We commit to resolving complaints about your privacy and our collection or use of your Personal Data. Should you have any questions regarding this General Privacy Policy, the GDPR Privacy Policy, or Privacy Shield Policy or any of its or their provisions, you may contact us at: privacy@cyxtera.com.

XII. Governing Law; Venue; Waiver of Jury Trial and Class Actions

Unless applicable data protection / privacy laws provide otherwise, (a) the Privacy Policy is governed by the laws of the State of Florida, U.S.A, (b) you hereby agree that any dispute or claim raised or made by you against us relating to the Privacy Policy shall be subject to arbitration before a single arbitrator in Miami-Dade County, Florida in accordance with the Commercial Arbitration Rules of the American Arbitration Association and (c) you hereby waive all rights to bring or maintain any court action, jury trial or any class claim, class action, class arbitration, or other representative action, claim or proceeding against us in a court of law.

XIII. Your Data Privacy Rights

Depending on where you live you may have certain rights with respect to your Personal Data, as described below. You may submit a request to exercise one or more of these rights by emailing us at privacy@cyxtera.com with the subject line “Privacy Rights Request” and letting us know which country or US state you live in, or as otherwise described below. Once we receive a request to exercise your data privacy rights, we may be required to verify your identity before proceeding. We verify identities by comparing certain details you provide (such as name, email, and relationship) with information we have. In some cases, we may need additional details to verify your identity. In certain circumstances, we may decline a request to exercise the rights below, particularly where we are unable to verify your identity or locate your information in our systems, or as otherwise permitted by law.

A. California If you live in California, you have the following rights:
  1. Right to Know. You can ask us to give you information about our collection and use of your Personal Data. Specifically, you can request that we provide you one or more of the following:
  2. (i) the categories of Personal Data we collected about you;
    (ii) the categories of sources from which we collected your Personal Data;
    (iii) our purposes for collecting your Personal Data;
    (iv) the categories of third parties to whom we disclose your Personal Data
    (v) the specific pieces of Personal Data we collected about you.
  3. Right to Delete. You can ask us to delete your Personal Data that we collected from you, subject to certain limitations.
  4. Right to Correct. You can ask us to correct any inaccurate Personal Data that we have about you.
  5. Right to Opt-Out of Sale or Sharing. Our disclosure of your Personal Data to third party advertising and analytics providers may constitute a sale or “sharing” (which is a term used to address the sharing of information for advertising purposes) under California privacy law. To the extent that our use constitutes a sale or sharing of your Personal Data, you have the right to opt-out by (a) enabling an opt-out preference signal or Global Privacy Control on your browser, or (b) opting-out of cookies through the cookie banner.
  6. Right to Limit Use and Disclosure of Sensitive Personal Information. When we collect information including government identification number, health information, or financial account information, we are deemed to be collecting data that is “sensitive” under California law. Consumers have the right to limit the use and disclosure of sensitive information when used or disclosed for a purpose other than what is specified in the CCPA. We do not use it for any purpose that is inconsistent with the CCPA and its implementing regulations. We also do not use it for purposes of making inferences. So, this right does not apply.

You may also have your authorized agent make a request on your behalf. If you have an agent making a request, we require that (i) the agent provide us proof that you gave permission to submit the request and/or (ii) you verify your identity with us and confirm you gave the agent permission to submit the request.

B. Colorado, Connecticut, Virginia and Utah. Privacy laws in these states give consumers certain rights with respect to their Personal Data, when they take effect over the course of 2023. Those rights include:
  1. Right to Access Information. You have the right to access and obtain a copy of your Personal Data.
  2. Right to Request Deletion. You have the right to request that we delete Personal Data provided by or obtained about you.
  3. Right to Correct. You have the right to correct inaccuracies in your Personal Data.
  4. Right to Opt-Out of Targeted Advertising. You can ask us to not use or disclose your information for the purposes of targeted advertising to you based on your Personal Data obtained from your activity across different businesses, services, websites, etc. Please see the California rights section above for a description of how to exercise your right to opt-out of targeted advertising.

Residents of Colorado, Connecticut, Virginia and Utah can appeal a refusal to take action on a request by contacting us by email at privacy@cyxtera.com.

C. Canada, Japan and Singapore. If you live in one of these countries, you have the following rights:
  1. Right to Access. You can ask us to (i) confirm that we have Personal Data about you and (ii) provide you a copy of that information.
  2. Right to Correct. You can ask us to correct any inaccurate or incomplete Personal Data that we have about you.