Effective: December 20, 2022
Cyxtera Technologies, Inc. and its affiliates (collectively “Cyxtera,” “Group,” “we,” “us,”) is a global leader in data center colocation services, ranking as the largest private retail colocation company in the world and among the largest worldwide retail colocation providers overall.
- visit or use our Websites;
- interact with us on behalf of a Customer in connection with the provision of our Services;
- interact with us on behalf of a Service Provider in connection with the products and services our Service Provider provides to us;
- interact with us on behalf of a business partner in connection with our relationship with the business partner;
- apply to work with us;
- receive marketing communications from us; and/or
- interact with us by registering for, attending and/or otherwise taking part in our trade events, webinars, or conferences or who communicate with us via email, phone, or in-person.
Although Cyxtera no longer relies on the Privacy Shield Framework as a lawful transfer mechanism but instead relies on the European Union (“EU”), the UK or Swiss Standard Contractual Clauses, our Affiliates in the U.S. remain subject to the regulatory enforcement powers of the U.S. Federal Trade Commission with respect to Personal Data that was transferred to them pursuant to the Privacy Shield Framework. Please click here to view our Privacy Shield Policy covering Personal Data transferred from the EEA/UK/Switzerland to the United States pursuant to the effective Privacy Shield framework.
“CCPA” means the California Consumer Privacy Act, as amended, and its implementing regulations.
“Controller” means a person or organization that, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
“Customer” means a business that has, formerly had, or is contemplating purchasing or using our Services.
“GDPR” means the EU General Data Protection Regulation 2016/679.
“Personal Data” means any information relating to an identified or identifiable natural person. the Personal Data we collect may include:
- Identifiers (e.g. name, postal address, email address, phone number, IP address, account name and login information, government identification number, etc.)
- Demographic Information (e.g. race, color, national origin, religion, sex, age, disability, etc.)
- Commercial Information (e.g. records of purchases or transactions, payment history, etc.)
- Financial Information (e.g. account number, debit card or credit card number, etc.)
- Biometric data (e.g. fingerprints, DNA, retinal scan, voice recording, etc.)
- Electronic Network Activity Information (e.g. browsing history, search history, etc.)
- Geolocation data
- Audio, electronic, visual, thermal, olfactory, or similar information
- Education and Work history (e.g. schools attended, degrees earned, past employers, etc.)
- Medical Information (e.g. medical history, health insurance information)
“Process” and “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
“Processor” means a person or organization that engages in Processing.
“Representative” means an individual who (i) acts on behalf of a Customer, including, a Customer’s employees, agents, and representatives, (ii) acts on behalf of a Service Provider, including, a Service Provider’s employees, agents, and representatives, (iii) acts on behalf of a business partner, including a business partner’s employees, agents, and representatives or (iv) otherwise interacts with us in any manner, for example through our Website, in emails, phone calls, or in-person interaction.
“Sensitive Personal Information” includes, but may not be limited to, Personal Data defined as special category data under the GDPR or as sensitive personal information under the CCPA, which includes among others, information about health, government-issued identification numbers, precise geolocation, genetic data, biometric data for uniquely identifying an individual, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information about an individual’s sex life or sexual orientation.
“Service Provider” means a supplier, subcontractor, vendor, or other third party who provides services to us.
“Services” means the products and services provided by us, including, but not limited to, colocation and other data center services, fraud detection software and services, website accessibility compliance software and services, data analytics services, and cybersecurity software and services.
“Website Visitor” means an individual who visits the Website.
III. Personal Data Collected
For our Customers, we may collect the Personal Data of your Representatives (e.g., name, job title, business contact details, etc.) when your Representatives inquire about, negotiate, purchase, or use any of our Services on your behalf.
For our Service Providers, we may collect the Personal Data of your Representatives when we inquire about or purchase services from you to support our business operations. Personal Data collected may include Identifiers, Financial Information, and Geolocation Data.
For our business partners, we may collect the Personal Data of your Representatives in connection with our interactions with you. Personal Data collected may include Identifiers, Financial Information, and Geolocation Data.
For prospective employees, we may collect your Personal Data when you visit, browse, or register on our Websites, when you submit an application for employment, when you provide additional Personal Data during the application and interview process, when you speak to our employees during your interview process, and when you otherwise provide or authorize us to collect your Personal Data during the application and interview process. Personal Data collected as part of the application process may include Identifiers and your Education and Work History.
For our Website Visitors, we may collect certain Personal Data from you when you visit, browse, register on our Websites, complete a form on our Websites, or engage in online support received through our Websites. We may also collect certain information about your session when you visit our Websites, including internet protocol (IP) addresses, browser type, internet service provider, referring/exit pages, operating system, date/time stamp and clickstream data, as further outlined in Section VI below.
We may also collect the Personal Data of Representatives if they (i) register for a trade event, webinar, or conference hosted by us, (ii) download or request content and information regarding our Services, (iii) complete a survey or form, (iv) request online support through our Websites, or (v) receive marketing communications from us.
IV. Purpose of Personal Data Collection and Processing
We collect and Process Personal Data for the following purposes:
- To administer and process transactions related to the Services we provide;
- To provide, assess, and improve our customer support and customer service;
- To personalize your experience using our Services or Websites;
- To communicate with you during contract negotiations or post-contract support;
- To fulfill a legal obligation or to protect our rights;
- To comply with applicable laws and regulations;
- To advise you of additional or new Services that may be of interest to your company;
- To administer and manage Service Providers;
- To work with business partners;
- To improve and protect the integrity and security of our Services and our Websites;
- To enforce any applicable contracts;
- To administer a contest, promotion, survey, event, conference, webinar, or other website feature;
- To consider you for employment;
- To send periodic communications (the contact information that you provide may be used to send you information, including marketing, respond to inquiries, and/or other requests or questions);
- In an emergency, where the health or security of an individual may be endangered;
- In the event of a corporate reorganization, including, but not limited to, merger, acquisition, or sale; and
- For any other purpose for which you have been notified, and if legally required where appropriate consent has been obtained.
If you receive marketing communications from us by email, we seek your opt-in consent to send you such communications by email in jurisdictions where that is required. If we track whether or not you open any such email, we seek your opt-in consent to do so in jurisdictions where that is required. You may, in any event, unsubscribe from the receipt of future electronic communications from us by clicking on the “unsubscribe” link provided in such communications or by emailing firstname.lastname@example.org .
We implement a variety of security measures designed to maintain the safety of your Personal Data when you enter, submit, or access your Personal Data, or when it is otherwise collected or Processed by us. We take reasonable and appropriate measures to secure your Personal Data.
VI. Cookies and Other Technologies
At this time, we are not in a position to honor “do not track” signals from website browsers. However, you may refuse or delete cookies. If you do so, some of the functionality of our Website may be impaired. Additionally, you may still be identifiable and your usage may still be trackable by other means. Please refer to your browser’s “Help” instructions to learn more about how to manage cookies and the use of similar technologies.
VII. Disclosures of Personal Data
Except as otherwise detailed herein, we do not sell, disclose, or otherwise transfer Personal Data we have collected from you to outside parties.
- Service Providers. We share Personal Data with Service Providers that we have retained to perform certain services and functions on our behalf, and these Service Providers have agreed to use the Personal Data solely as necessary to perform the services and functions in accordance with our instructions and subject to appropriate nondisclosure limitations.
- Business Partners. We may share your Personal Data with trusted business partners pursuant to our contractual arrangements with them, which will include appropriate safeguards to protect any Personal Data that we share with these partners. These may be third parties that organize tradeshows, third party consultants and experts, and auditors.
- Affiliated Entities. We share Personal Data with entities that are under our common ownership or control (our “Affiliates”). Subject to local requirements, this Personal Data may be used to provide Services offered by our Affiliates, for Affiliates to provide support to the Affiliated entity that is sharing the Personal Data, or for any other purposes described herein. For example, our Affiliates may share Personal Data with one another about our Customers, Service Providers, business partners, Representatives, prospective employees, and Website Visitors for direct marketing purposes.
- Payment Processing. We work with a payment processing partner to process certain credit card payments. If you make a credit card payment to us, our payment processing provider will store your full name and credit card details.
- Fraud Prevention and Protection of Legal Rights. We may use and disclose Personal Data to the appropriate legal, judicial, or law enforcement authorities and our advisors and investigators: (i) when we believe, in our sole discretion, that such disclosure is necessary to investigate, prevent, or respond to suspected illegal or fraudulent activity or to protect our safety, rights, or property and those of each of our Customers, Service Providers, business partners, Representatives, Website Visitors, prospective employees, or others; (ii) when we suspect abuse of the Website or Services or unauthorized access to any system, spamming, denial of service attacks, or similar attacks; (iii) to exercise or protect legal rights or defend against legal claims; or (iv) to allow us to pursue available remedies or limit the damages that we may sustain.
- Law Enforcement. We may have to disclose the Personal Data of our Customers, Service Providers, business partners, Representatives, prospective employees, Website Visitors, or others if a court, law enforcement, or other public or government authority with appropriate competency requests that we provide that Personal Data and we believe, in our reasonable discretion, that such request was made in compliance with applicable law.
We will keep the Personal Data that we collect for as long as is reasonably necessary to achieve the purpose for which you provided it, or to the extent necessary for us to protect our rights, or as required by applicable laws.
IX. Collection of Personal Data from Children
Our Websites are intended for individuals 18 years of age and older. They are not directed at, marketed to, nor intended for, children under 18 years of age. We do not knowingly collect any information, including Personal Data, from children under 18 years of age. If you believe that we have inadvertently collected Personal Data from a child under the age of 18, please contact us at the email address in Section XI below, and we will take immediate steps to delete it.
XI. Inquiries/Contact Us
XII. Governing Law; Venue; Waiver of Jury Trial and Class Actions
XIII. Your Data Privacy Rights
Depending on where you live you may have certain rights with respect to your Personal Data, as described below. You may submit a request to exercise one or more of these rights by emailing us at email@example.com with the subject line “Privacy Rights Request” and letting us know which country or US state you live in, or as otherwise described below. Once we receive a request to exercise your data privacy rights, we may be required to verify your identity before proceeding. We verify identities by comparing certain details you provide (such as name, email, and relationship) with information we have. In some cases, we may need additional details to verify your identity. In certain circumstances, we may decline a request to exercise the rights below, particularly where we are unable to verify your identity or locate your information in our systems, or as otherwise permitted by law.
- Right to Know. You can ask us to give you information about our collection and use of your Personal Data. Specifically, you can request that we provide you one or more of the following:
- (i) the categories of Personal Data we collected about you;
- (ii) the categories of sources from which we collected your Personal Data;
- (iii) our purposes for collecting your Personal Data;
- (iv) the categories of third parties to whom we disclose your Personal Data
- (v) the specific pieces of Personal Data we collected about you.
- Right to Delete. You can ask us to delete your Personal Data that we collected from you, subject to certain limitations.
- Right to Correct. You can ask us to correct any inaccurate Personal Data that we have about you.
- Right to Opt-Out of Sale or Sharing. Our disclosure of your Personal Data to third party advertising and analytics providers may constitute a sale or “sharing” (which is a term used to address the sharing of information for advertising purposes) under California privacy law. To the extent that our use constitutes a sale or sharing of your Personal Data, you have the right to opt-out by (a) enabling an opt-out preference signal or Global Privacy Control on your browser, or (b) opting-out of cookies through the cookie banner.
- Right to Limit Use and Disclosure of Sensitive Personal Information. When we collect information including government identification number, health information, or financial account information, we are deemed to be collecting data that is “sensitive” under California law. Consumers have the right to limit the use and disclosure of sensitive information when used or disclosed for a purpose other than what is specified in the CCPA. We do not use it for any purpose that is inconsistent with the CCPA and its implementing regulations. We also do not use it for purposes of making inferences. So, this right does not apply.
You may also have your authorized agent make a request on your behalf. If you have an agent making a request, we require that (i) the agent provide us proof that you gave permission to submit the request and/or (ii) you verify your identity with us and confirm you gave the agent permission to submit the request.
- Right to Access Information. You have the right to access and obtain a copy of your Personal Data.
- Right to Request Deletion. You have the right to request that we delete Personal Data provided by or obtained about you.
- Right to Correct. You have the right to correct inaccuracies in your Personal Data.
- Right to Opt-Out of Targeted Advertising. You can ask us to not use or disclose your information for the purposes of targeted advertising to you based on your Personal Data obtained from your activity across different businesses, services, websites, etc. Please see the California rights section above for a description of how to exercise your right to opt-out of targeted advertising.
Residents of Colorado, Connecticut, Virginia and Utah can appeal a refusal to take action on a request by contacting us by email at firstname.lastname@example.org.
- Right to Access. You can ask us to (i) confirm that we have Personal Data about you and (ii) provide you a copy of that information.
- Right to Correct. You can ask us to correct any inaccurate or incomplete Personal Data that we have about you.