Last revised: June 2018
NGINX, as a data controller, collects and processes personal data relating to interactions with our Website and you can contact us at: Privacy@nginx.com
We will use your personal data only for the purposes and in the manner set forth below, which describes the steps we take to ensure our processing of your personal data is in compliance with the General Data Protection Regulation ((EU) 2016/679) (GDPR) and any implementing legislation (Data Protection Legislation).
YOUR RIGHT TO OBJECT – PLEASE NOTE THAT YOU HAVE A RIGHT TO OBJECT TO PROCESSING OF YOUR PERSONAL DATA WHERE THAT PROCESSING IS CARRIED OUT FOR OUR LEGITIMATE INTEREST.
Please read the following carefully to understand our use of your personal data.
1. What Type of Personal Data Do We Collect about You?
When you visit or use our Website in any way, we collect and process different types of information about you:
- Identity Data includes first name, last name, username or similar identifier, and title.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website.
- Profile Data includes your purchases or orders made by you, your LinkedIn® profile (if applicable), your preferences, feedback, communications and survey responses, and your NGINX password and username as applicable.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
Unless you are purchasing products or services, the provision of your personal data is not a statutory or contractual requirement and you may refuse to disclose same. You can choose not to provide this information; however, you might not be able to gain access to our information, services or products.
Some of our products can be used by our customers to monitor activity on their networks. If you use our products for these purposes it is your responsibility to comply with all applicable laws and your internal policies relating to such monitoring, and providing notices and obtaining any necessary consents from your users.
2. Links to Other Websites
Our Website may, from time to time, contain links to third party websites. If you follow a link to any of those third party websites, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for those practices. Please check those policies before you submit any personal data to those websites.
3. No Information from Children Under Age 16
This Website is not intended for children and we do not knowingly collect data relating to children. If you are under the age of 16, please do not attempt to register with us at this Website or provide any personal information about yourself to us. If we learn that we have collected personal information from a child under the age of 16, we will promptly delete that information. If you believe we have collected personal information from a child under the age of 16, please contact us at email@example.com.
4. How Do We Use the Information We Gather?
We will only use your personal data for the purposes and legal bases, for which we may contact you via email, phone, social media, or other forms of communication, as set out in the table below:
|Purpose(s) for Processing||Legal Basis for Processing|
• To register a new customer, create and maintain your customer account and provision of services to you.
Processing is necessary for the performance of a contract or to enter into such a contract with you.
• To provide you with information about NGINX and its products and services and provide newsletters or email updates to you;
Your consent – which you can withdraw at any time.
• To manage and operate our website – to keep our website updated and relevant, to develop our business and to inform our marketing strategy and monitoring how you use our Website.
The processing is necessary to support our legitimate business interests in managing our business provided such interests are not overridden by your interests and rights. We have carried out a balancing test to ensure that your interests do not override this legitimate business interest of ours. For more information on this balancing test carried out by Nginx please contact firstname.lastname@example.org. Please note that you have a right to object to processing of your personal data where that processing is carried on for our legitimate interest.
You have the right to object at any time.
• For the prevention and detection of fraud, money laundering or other crimes or for the purpose of responding to a binding request from a public authority or court.
The processing is necessary to comply with legal and regulatory obligations.
In addition to the purpose for which you submitted your personal data, you may also be given the option (through a check box or otherwise) to have your personal data used for an activity or service different from the primary activity or service that you are requesting.
5. Do We Share Your Personal Information with Third Parties, such as Affiliates, Service Providers or Consultants?
We may disclose your personal data to any member of our group from time to time in order to provide you with the services or products requested.
We may disclose your personal data to third parties who provide a service to us, including:
• Stripe, who provide payment processing services;
• providers of cloud based CRM software in relation to customer account maintenance and billing;
• providers of cloud based marketing software in relation to prospective customer information management;
• providers of cloud based training software in relation to online training and certification for customers and end users;
• providers who collect information on our behalf, including as necessary to operate features of the Website, such as customer satisfaction surveys.
• providers of cloud based accounting software in relation to management of accounting.
• third party service providers that help us operate and manage our Website, process orders, and fulfil and deliver products and services that you purchase from us.
We may also disclose your personal data to the following recipients:
• If NGINX or substantially all of its assets are acquired by a third party, in which case your personal data held by us may be included in the transferred assets (for example, in the form of a database of users of the Website). Similarly, personal data may be transferred as part of a corporate reorganisation, insolvency proceeding, or other similar event, if permitted by and done in accordance with applicable law;
• To our distribution and reseller partners who may contact you regarding our products and services;
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation or court order, or in order to enforce, establish, exercise or defend legal rights, the rights, property, or safety of you, us, our group, or employees;
• To detect, prevent, or otherwise address fraud, security, or technical issues; and
• To protect against harm to the rights, property or safety of NGINX, our employees, our users, customers, or the public as required or permitted by law;
6. Is Your User Data Secure?
We are committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We have implemented strict internal guidelines to ensure that your privacy is safeguarded at every level of our organisation. We will continue to revise policies and implement additional security features as new technologies become available. Where we have given you a password which enables you to access certain parts of our Website, you are responsible for keeping that password confidential. We ask you not to share your password with anyone.
Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Website. Any transmission of personal data is at your own risk. Once we receive your personal data, we use appropriate security measures to seek to prevent unauthorised access or disclosure.
7. How Long Do We Store Your Data?
We store your personal data during the time that you are a customer or end user of Nginx for purposes of providing you the services, and for up to seven years after you cease to be a customer or end-user. If you have never been a customer or registered end-user of Nginx, but have consented to receive marketing inquiries or other information from Nginx, we may store your data for up to two years. We reserve the right to store or delete your personal data earlier or later than set forth herein if required to do so by an applicable law or regulation, including the GDPR and for the exercise or defence of legal claims.
8. Where We Store Your Personal Data
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA), for the purposes described above, including to countries such as the United States of America or Russia, which may not provide an adequate level of protection in relation to processing your data. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy and Cookies Policy and the Data Protection Legislation. To the limited extent that it is necessary to transfer your personal data outside of the EEA, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data, including European Union Model Clauses under Article 46.2. Please contact us if you wish to obtain information concerning such safeguards (see contact us below).
9. Your Rights
Nginx is committed to ensuring that you have control and visibility to your personal data. Below is a summary of your rights and additional commitments from Nginx. You may exercise your rights by contacting us at email@example.com.
Right of Access You can request a copy of the personal data we hold about you.
Right to Rectification You have the right to request that we correct any inaccuracies in the personal data we hold about you and complete any personal data where this is incomplete.
It is your responsibility to ensure that any information you have provided to us is accurate and up-to-date. If any of the information that you have provided to us changes, please send us an email entitled ‘CHANGE OF DETAILS’ to firstname.lastname@example.org.
Right of Access
You can request a copy of the personal data we hold about you.
Right to Erasure (‘Right to be Forgotten’)
You have the right to request that your personal data be deleted in certain circumstances including:
• The personal data are no longer needed for the purpose for which they were collected;
• You withdraw your consent (where the processing was based on consent);
• You object to the processing and there are no overriding legitimate grounds justifying us processing the personal data (see Right to Object below);
• The personal data have been unlawfully processed; or
• To comply with a legal obligation.
However, this right does not apply where, for example, the processing is necessary:
• To comply with a legal obligation; or
• For the establishment, exercise or defence of legal claims.
Right to Restriction of Processing
You can ask that we restrict your personal data (i.e., keep but not use) where:
• The accuracy of the personal data is contested;
• The processing is unlawful but you do not want it erased;
• We no longer need the personal data but you require it for the establishment, exercise or defence of legal claims; or
• You have objected to the processing and verification as to our overriding legitimate grounds is pending.
We can continue to use your personal data:
• Where we have your consent to do so;
• For the establishment, exercise or defence of legal claims;
• To protect the rights of another; or
• For reasons of important public interest.
Right to Data Portability
Where you have provided personal data to us, you have a right to receive such personal data back in a structured, commonly-used and machine-readable format, and to have those data transmitted to a third-party data controller without hindrance but in each case only where:
• The processing is carried out by automated means; and
• The processing is based on your consent or on the performance of a contract with you.
Right to Object
You have a right to object to the processing of your personal data in those cases where we are processing your personal data in reliance on our legitimate interests. In such a case we will stop processing your personal data unless we can demonstrate compelling legitimate interests which override your interests and you have a right to request information on the balancing test we have carried out. You also have the right to object where we are processing your personal data for direct marketing purposes.
If you do not want to receive newsletters, announcements, or other communications and/or services from the NGINX, please do not opt-in for those communications or services at the time of registration. If you have opted-in and, at a later time, wish to opt-out, please unsubscribe by sending us an email entitled “UNSUBSCRIBE” to Nginx Data Privacy Officer at email@example.com.
Along with every email communication sent to you, we provide you the opportunity to discontinue receiving future communications (i.e., unsubscribe). Simply follow the unsubscribe process or directions provided at the bottom of the email or go to our Unsubscribe Page: https://pages.nginx.com/email-subscription-center.html.
If you do not want to send your data to be used by third party sites in order to provide advertising that is relevant, please opt-out by updating your option here. Updating your option does not ensure your historical data will be deleted from the third party sites. You may refer to the below table to opt out from third party sites.
You have a right not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affects you other than where the decision is:
• Necessary for entering into a contract, or for performing a contract with you;
• Based on your explicit consent – which you may withdraw at any time; or
• Is authorized by European Union or Member State law.
Where we base a decision solely on automated decision-making, you will always be entitled to have a person review the decision so that you can contest it and put your point of view and circumstances forward.
Right to Complain
You have the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you are unhappy with how we are processing your personal data.
We will respond to your request in writing, or orally if requested, as soon as practicable and in any event not more than one month after receipt of your request. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request. We may request proof of identification to verify your request. All requests should be addressed to firstname.lastname@example.org.
Cookies are small data files that are stored in your web browser on your computer, tablet or smartphone (each a “Device”) when you visit a website. Cookies serve a number of purposes like letting you navigate between pages efficiently, remembering your preferences, interests or log in details, and generally improving your experience.
|Categories of Use||Description|
|Preferences, Features, and Services||Cookies can tell us which language you prefer and what your communication preferences are. They can help you fill out forms on NGINX.com more easily. They also provide you with features, insights, and personalized content based on other content you’ve engaged with on the Website.|
|Performance, Analytics, and Research||Cookies help us learn how well our Website performs in different locations, on different devices, and at different times of day.|
|Type||Purpose||Who Provides the Cookie?||Settings and Opt out|
|Optional||Advertising and Social Media||https://twitter.com/personalization|
|Optional||Advertising and Social Media||https://www.linkedin.com/psettings/advertising/actions-that-showed-interest|
|Optional||Advertising and Social Media||https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen|
MANAGING AND DISABLING COOKIES
For instructions on blocking and deleting cookies, see the privacy and help documentation of your specific browser’s website. If you use more Devices and/or browsers you will need to disable cookies on each Device and on each browser separately. Here are the locations of the cookie settings for all major web browsers:
• Internet Explorer – Tools > Internet Options > Privacy tab.
• Mozilla Firefox – Tools > Options > Privacy menu.
• Safari Users – Edit > Preferences > Privacy menu.
• Chrome Users – Settings > Content Settings > Privacy > Cookies.
If you limit the ability of our websites to set cookies, this may prevent you from using certain features of our Website properly and your user experience – which will no longer be personalised for you – may deteriorate. You may also be able to opt-out from certain cookies through third party cookie management sites. Disabling cookies may prevent you from using certain parts of our Website. If you delete your cookies from the browser, you may need to remember to re-install opt-out cookies.
WHERE CAN I GET MORE INFORMATION ABOUT COOKIES?
You can find more information about cookies by visiting the following information websites:
11. Do We Use Your Information for Advertising Purposes?
We may place cookies on partner websites to advertise our brands and/or services. These cookies are mainly used to display content tailored to your interests and to evaluate our content (including advertising). Our cookies are also used by third party sites in order to provide advertising that is relevant. This relevance is based on a profile built form your previous visits to our Website, including the services you have visited.
We belong to ad networks that may use your browsing history across participating websites to show you interest based advertisements on those websites. For example, cookies can be used in the selection of the advertisements that appear on a Google search results page, or at a website in the Google Display Network (that is, ad content might be based on which pages you viewed during past visits to the NGINX website). You can set preferences for how Google advertises to you on their Ads Settings page. You can opt out of interest based advertising by changing cookie settings in your browser or by using a browser plug in. We do not control cookies used by these advertising networks. To learn more about interest based advertisements and your opt out rights and options, the following websites are helpful:
- European Interactive Digital Advertising Alliance (EU)
- Internet Advertising Bureau (US)
- Internet Advertising Bureau (EU)
- Network Advertising Initiative
12. Changes to Our Privacy and Cookies Policy
We reserve the right to change this Privacy and Cookies Policy from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last revised” date at the top of this Privacy and Cookies Policy. Where you have previously consented to our use of your personal data, your continued use of the website after we make changes is deemed to be acceptance of those changes, so please check this Privacy and Cookies Policy periodically for updates. If we consider the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy and cookies policy changes). We will also keep prior versions of this Privacy and Cookies Policy in an archive for your review.
13. Contact Us
If you have any questions, comments, requests and complaints regarding this Privacy and Cookies Policy and the information we hold, please contact us at email@example.com, call us at 800‑915‑9122, or use our online contact form to send us a message (“Questions about NGINX?). Our US postal mail address is:
San Francisco, CA 94107