Nexus Systems Privacy Policy

Last updated: 5/18/2020

Nexus Systems, LLC, the “Company,” “we,” or “us”) wants you to be familiar with how we collect, use and disclose information. This Privacy Policy describes our practices in connection with information that we collect through our Sites, which include:
• http://www.nexussystems.com and other websites operated by us from which you are accessing this Privacy Policy (the “Sites”);
• Our social media pages (collectively, our “Social Media Pages”);
• HTML-formatted email messages that we send to you that link to this Privacy Policy or other communications with you; and
• Offline business interactions you have with us.

We also collect information through the software applications and other online platforms and services made available by us for use on or through computers and mobile devices, including NexusPayables, NexusConnect, OnTheGo and other products and services we may offer our business clients (the “Services”). We act as a service provider to our business clients and we collect and process Personal Information (defined below) in the course of providing the Services to these business clients. We use Personal Information collected through business clients’ use of Services for the maintenance and operation of our services, in accordance with our contractual obligations to our clients and as permitted by law. If you access Services through such a business client instance and have questions or concerns about how that Personal Information is collected and processed, please reach out to the client directly and/or consult its privacy policies.

PERSONAL INFORMATION
“Personal Information” is information that identifies you as an individual or relates to an identifiable individual. The Sites collect Personal Information, including:
• Name
• Email Address
• Phone Number
• Postal Address
• Employment information, such as employer and job title
• Account information
• Financial Information to include Credit Card, Bank Account and TIN numbers solely for the provision of services as referenced above (NexusPayable, NexusConnect and OnTheGo
• Any additional Personal Information you may choose to share with us

Collection of Personal Information
We and our service providers collect Personal Information through the Sites and Marketing Automation Platform, such as when you contact us to obtain additional information or to schedule a demo, attend one of our events, register an account with us, or purchase one of our products or services.
We need to collect Personal Information in order to provide the requested services to you. If you do not provide the information requested, we may not be able to provide the services. If you disclose any Personal Information relating to other people to us or to our service providers in connection with the Sites, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.

We may also collect Personal Information in the course of providing the Nexus Products to our customers and as part of the support process. We use Personal Information collected through a customer’s use of Nexus Products for the maintenance and operation of our services in the fulfillment of our contractual obligations to our customers and as permitted by law. When using Nexus Products, Nexus Systems acts as the data processor, and each client is the data controller of the information used by them. If you have questions or concerns about how a particular customer handles such Personal Information, please reach out to these third parties directly and/or consult their respective privacy policies.

Use of Personal Information
We and our service providers use Personal Information for the following purposes:
• Providing the functionality of the Sites and fulfilling your requests.
 To provide the Sites’ functionality to you.
 To respond to your inquiries and fulfill your requests, when you contact us via one of our online contact forms or otherwise, for example, when you send us questions, suggestions, compliments or complaints, or when you request a quote for or other information about our Sites.
 To complete your transactions, verify your information, and provide you with related customer service.
 To send administrative information to you, such as changes to our terms, conditions, and policies.

We will engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation.

• Providing you with our newsletter, event invitations, and/or other marketing materials.
 To send you marketing related emails, with information about our services, new products and other news about our company.

We will engage in this activity with your consent or where we have a legitimate interest.

• Analyzing Personal Information for business reporting and providing personalized services.
 To analyze or predict our users’ preferences in order to prepare aggregated trend reports on how our digital content is used, so we can improve our Sites.
 To better understand your interests and preferences, so that we can personalize our interactions with you and provide you with information and/or offers tailored to your interests.
 To better understand your preferences so that we can deliver content via our Sites that we believe will be relevant and interesting to you.
We will provide personalized services based on our legitimate interests, and with your consent to the extent required by applicable law.

• Allowing you to participate in sweepstakes, contests or other promotions.
 We may offer you the opportunity to participate in a sweepstakes, contest or other promotion.
 Some of these promotions have additional rules containing information about how we will use and disclose your Personal Information. Please read those additional rules before choosing to participate.
We use this information to manage our contractual relationship with you.

• Aggregating and/or anonymizing Personal Information.
 We may aggregate and/or anonymize Personal Information so that it will no longer be considered Personal Information. We do so to generate other data for our use, which we may use and disclose for any purpose, as it no longer identifies you or any other individual.

• Accomplishing our business purposes.
 For data analysis, for example, to improve the efficiency of our Sites;
 For audits, to verify that our internal processes function as intended and to address legal, regulatory, or contractual requirements;
 For fraud and security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft;
 For developing new products and services;
 For enhancing, improving, repairing, maintaining, or modifying our current products and services, as well as undertaking quality and safety assurance measures;
 For identifying usage trends, for example, understanding which parts of our Sites are of most interest to users;
 For determining the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users; and
 For operating and expanding our business activities, for example, understanding which parts of our Sites are of most interest to our users so we can focus our energies on meeting our users’ interests.
 For providing customer support activities using help systems.
We engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or based on our legitimate interest.

Disclosure of Personal Information

We disclose Personal Information:

• To our affiliates for the purposes described in this Privacy Policy.
• To our third-party service providers, to facilitate services they provide to us.
• By using the Sites, you may elect to disclose Personal Information.
• Our list of affiliates and third parties include:
• Hosting Services (Rackspace and AWS)
• Payment Services for clients that use our payments platform (these may include Ach.com, SmartPayables, and US Bank depending on the services received)
• Marketing Automation Platform (HubSpot)
• Nexus Support Community (through Salesforce)
• Event Management Software (Cvent and Eventbrite)
• Walkme digital adoption platform (Walkme)
• Constant Contact and Salesforce Marketing Cloud
• DigitalChalk LMS and GoToTraining registration for training (note, must be a customer to participate)

Other Uses and Disclosures

We also use and disclose your Personal Information as necessary or appropriate, in particular when we have a legal obligation or legitimate interest to do so:
• To comply with applicable law and regulations.
 This may include laws outside your country of residence.
• To cooperate with public and government authorities.
 To respond to a request or to provide information we believe is necessary or appropriate.
 These can include authorities outside your country of residence.
• To cooperate with law enforcement.
 For example, when we respond to law enforcement requests and orders or provide information we believe is important.
• For other legal reasons.
 To enforce our terms and conditions; and
 To protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
• In connection with a sale or business transaction.
 We have a legitimate interest in disclosing or transferring your Personal Information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, other disposition of all or any portion of our business, assets, or stock, or any other similar transaction (including in connection with any bankruptcy or similar proceedings).

OTHER INFORMATION
“Other Information” is any information that does not reveal your specific identity or does not directly relate to an identifiable individual. The Sites collect Other Information such as:
• Browser and device information
• App usage data
• Information collected through cookies, pixel tags and other technologies
• Demographic information and other information provided by you that does not reveal your specific identity
• Information that has been aggregated in a manner such that it no longer reveals your specific identity

Collection of Other Information

We and our service providers may collect Other Information in a variety of ways, including:
• Your browser or device.
 Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and you are using. We use this information to ensure that the Sites function properly.
• Cookies.
 Cookies are pieces of information stored directly on the computer that you are using. Cookies allow us to collect information such as browser type, time spent on the Sites, pages visited, language preferences and other traffic data. We and our service providers use the information for security purposes, to facilitate navigation, to display information more effectively, and to personalize your experience. We also gather statistical information about use of the Sites in order to continually improve their design and functionality, understand how they are used, and assist us with resolving questions regarding them. We do not currently respond to browser do-not-track signals. If you do not want information collected through the use of cookies, most browsers allow you to automatically decline cookies or be given the choice of declining or accepting a particular cookie (or cookies) from a particular website. You may also wish to refer to http://www.allaboutcookies.org/manage-cookies/index.html. If, however, you do not accept cookies, you may experience some inconvenience in your use of the Sites.
• Pixel tags and other similar technologies.
 Pixel tags. Pixel tags (also known as web beacons and clear GIFs) may be used to, among other things, track the actions of users of the Sites (including email recipients), measure the success of our marketing campaigns, and compile statistics about usage of the Sites and response rates.
 Analytics. We use Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the Sites and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/, and exercise the opt-out provided by Google by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.] Uses and Disclosures of Other Information
We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. If we are required to treat Other Information as Personal Information under applicable law, we may use and disclose it for the purposes for which we use and disclose Personal Information as detailed in this Policy. In some instances, we may combine Other Information with Personal Information. If we do, we will treat the combined information as Personal Information as long as it is combined.

SECURITY
We seek to use reasonable organizational, technical and administrative measures to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.

YOUR CHOICES
Your choices regarding our use and disclosure of your Personal Information
We give you choices regarding our use and disclosure of your Personal Information for marketing purposes. You may opt out from Receiving marketing-related emails from us. If you no longer want to receive marketing related emails from us on a going-forward basis, you may opt out by clicking on unsubscribe in the footer of a marketing email.
We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of receiving marketing related emails from us, we may still send you important administrative messages, from which you cannot opt out.

RETENTION PERIOD
We retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law.

The criteria used to determine our retention periods include:
• The length of time we have an ongoing relationship with you and provide the Sites to you (for example, for as long as you have an account with us or keep using the Sites);
• Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
• Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

THIRD PARTY SERVICES
This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any website or service to which the Sites link. The inclusion of a link on the Sites does not imply endorsement of the linked site or service by us or by our affiliates.
In addition, we are not responsible for the information collection, use, disclosure, or security policies or practices of other organizations, such as any of our customers, Facebook, Apple, Google, Microsoft, RIM, Linkedin, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer, including with respect to any Personal Information you disclose to other

USE OF SITES BY MINORS
The Sites are not directed to individuals under the age of sixteen (16), and we do not knowingly collect Personal Information from individuals under 16.

JURISDICTION AND CROSS-BORDER TRANSFER
Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Sites you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.

SENSITIVE INFORMATION
Unless we request it, we ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through the Sites or otherwise to us.

UPDATES TO THIS PRIVACY POLICY
The “LAST UPDATED” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Sites.

CONTACTING US
Nexus Systems, LLC, located at 6400 Arlington Boulevard, Suite 1000, Falls Church, VA 22042, USA, is the company responsible for collection, use, and disclosure of your Personal Information under this Privacy Policy.
If you have any questions about this Privacy Policy, please contact us at privacy@nexussystems.com, or other means as listed on our contact page.
Because email communications are not always secure, please do not include credit card, bank account information, Tax IDs or other sensitive information in your emails to us.

ADDITIONAL INFORMATION REGARDING THE EEA and GDPR
Some non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en). For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as standard contractual clauses to protect your Personal Information. You may obtain a copy of these measures by contacting us in accordance with the “Contact Us” section below. If you reside in the would like to request to access, correct, update, suppress, restrict, or delete Personal Information, object to or opt out of the processing of Personal Information, or if you would like to request to receive a copy of your Personal Information for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), you may contact us in accordance with the “Contacting Us” section below. We will respond to your request consistent with applicable law.
You may also lodge a complaint with an EU/EEA data protection authority for your country or region where you have your habitual residence or place of work or where an alleged infringement of applicable data protection law occurs. A list of data protection authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

ADDITIONAL INFORMATION REGARDING CALIFORNIA
We have not “sold” Personal Information four purposes of the CCPA. For purposes of this Privacy Policy, “sold” or “sale” means the disclosure of Personal Information for monetary or other valuable consideration but does not include, for example, the transfer of Personal Information as an asset that is part of a merger, bankruptcy, or other disposition of all or any portion of our business.
As described above, we collect this Personal Information from you and from other categories of sources, including publicly available databases

Also as described above, we may use this Personal Information to operate, manage, and maintain our business, to provide our products and services, for employment/human resources and vendor management purposes and to accomplish our business purposes and objectives, including, for example, using Personal Information to: develop, improve, repair, and maintain our products and services; personalize, advertise, and market our products and services; conduct research, analytics, and data analysis; maintain our facilities and infrastructure; undertake quality and safety assurance measures; carrying out payroll functions and administering employee benefits; conduct risk and security control and monitoring; detect and prevent fraud; perform identity verification; perform accounting, audit, and other internal functions, such as internal investigations; comply with law, legal process, and internal policies; maintain records; and exercise and defend legal claims.

(1) We disclosed the following Personal Information to third parties for our operational business purposes:
A. Identifiers, such as name, contact information, online identifiers, and government-issued ID numbers;
B. Personal information, as defined in the California customer records law, such as name, contact information, signature, payment card number, and government-issued ID numbers;
C. Commercial information, such as transaction information and purchase history;
D. Internet or network activity information, such as browsing history and interactions with our website;
E. Geolocation data, such as [device location and] IP location;
F. Audio, electronic, visual, similar information, such as call and video recordings.

We share Personal Information with our affiliates and service providers,

If you are a California resident, you may be entitled to request that we:
(1) Disclose to you the following information covering the 12 months preceding your request:
o The categories of Personal Information we collected about you and the categories of sources from which we collected such Personal Information;
o The specific pieces of Personal Information we collected about you;
o The business or commercial purpose for collecting Personal Information about you; and
o The categories of Personal Information about you that we shared or disclosed, and the categories of third parties with whom we shared or to whom we disclosed such Personal Information (if applicable).
(2) Delete Personal Information we collected from you.

To make a request for the disclosures or deletion described above, please contact us in accordance with the “Contacting Us” section above. We will respond to your request consistent with applicable law.

You have the right to be free from unlawful discrimination for exercising your rights under the CCPA.

If you are a resident of California, under 18, and a registered user of the Sites, you may ask us to remove content or information that you have posted to the Sites by writing to privacy@nexussystems.com. Please note that your request does not ensure complete or comprehensive removal of the content or information, as, for example, some of your content may have been reposted by another user.