In this privacy policy (the “Policy”) we set forth how we collect your Personal Data, how and for what purposes we may use your Personal Data (as defined in Section 2 below), and to whom your Personal Data may be disclosed by us. Additionally, this Policy includes important information regarding your rights with respect to our collection of your Personal Data, so we encourage you to read carefully.
EdgeConneX, Inc. and its affiliated companies (“EdgeConneX”, “We”, “Us”) are strongly committed to protecting your Personal Data in accordance with applicable data protection legislation, including with the General Data Protection Regulation (the “GDPR”) and relevant U.S. and international law (collectively, the “Data Protection Legislation”). Our goal is to be transparent with you about how we collect and use your Personal Data in our relationship with you and inform you about your privacy rights and how the law protects you.
Pursuant to applicable Data Protection Legislation, EdgeConneX qualifies as a controller with respect to Personal Data we process.
We collect Personal Data from you for the following purposes: providing our products and services, making the website (the “Site”) and our EdgeOS Portal available to you, operating our business, communicating with you, managing the safety and security of our data center facilities, conducting investigations where necessary, and generally improving our Sites and services.
For purposes of this Policy, “Personal Data” means information about an individual, from which that individual is either directly identified or can be identified. You can find the GDPR definition of Personal Data here. For your reference, Personal Data does not include “anonymous data”, information, where the identify of individuals, has been permanently removed, however, it does include “indirect identifiers” or “pseudonymous data” (i.e. information which alone doesn’t identify an individual but, when combined with certain additional and reasonably accessible information, could be attributed to a particular person).
The table below outlines the Personal Data we collect from you or from third parties about you and the purposes for which we collect such Personal Data.
| Category of Personal Data | Collection of Personal Data | Purpose |
|---|---|---|
| Identity Data | First name, surname, title, government ID, type and number | Physical security of our data centers; Information security compliance; Administration and management of contractual relationships and performance of our contracted services; Allow access to EdgeConneX’s online portal; System management in order to maintain up to date information in our systems; Marketing; Address complaints; Establish, defend, and exercise our legal position |
| Contact Data | Your email address and telephone numbers, company name. | Physical security of our data centers; Information security compliance; Administration and management of contractual relationships and performance of our contracted services; Allow access to EdgeConneX’s online portal; System management in order to maintain up to date information in our systems; Marketing; Address complaints; Establish, defend, and exercise our legal position |
| Data Center Access Records | Dates, times and location of access to our facilities, access credentials, including any biometric access credentials (vascular print, hand shape, iris scan, etc.), CCTV images of people entering the data center and accessing the customer areas. | Physical security; Controlling access to our data centers and customer spaces and providing access logs information to our customers; Incident reporting and investigations |
| Marketing and Communications Data | Your preferences in receiving marketing from us and your communication preferences. | To form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services and offers may be relevant for you. |
| Behavioral Data | Site access, page access, time spent on page, feature use and other patterns related to website flow and usage. | Improve our services and the quality thereof; Troubleshooting; Marketing purposes; Analyze your surfing behavior and create a profile |
| Technical Data | Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website or use our services. | Improve our services and the quality thereof; Troubleshooting; Marketing purposes; Analyze your surfing behavior and create a profile |
| HR Data | Personal Data, Contact Data, and other related information collected in the context of an employment relationship.* | For use within our recruitment procedures; Internal employee management |
*With respect to the collection of such HR Data for residents of the European Union, EdgeConneX respects the national laws of the European Union (EU) country where the information was initially collected or processed prior to transfer and all such transfers of HR Data related to EU nationals shall abide by the principles of the Privacy Shield set forth in this Policy.
We collect biometric data solely for the purposes of verifying user identity, but we do not collect any additional “Special Categories of Personal Data” about you, including, details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, and information about your health.
We will only use your Personal Data for the purposes for which we collected it as listed above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
In respect of each of the purposes for which we use your Personal Data, applicable Data Protection Regulations require us to ensure that we have legal grounds (“legal basis” under the GDPR) for that use. Most commonly, we will rely on one of the following legal bases:
As described above, we establish a legitimate basis for processing your Personal Data prior to such processing and abide by appropriate legal requirements to do so. Should we require collection of different information or should our basis for collection change, we will update this Privacy Policy, pursuant to the Changes to Our Policy Section below, and we will explain the legal basis which allows us to do so.
There may be circumstances where we may need to process your Personal Data either to comply with law, or to perform the terms of a contract we have with you. In the event you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with you with access to the Data Center).
EdgeConneX may disclose Personal Data to legal and regulatory authorities, as required by a valid and lawful order to a court or other governmental or public body. Additionally, EdgeConneX may share your Personal Data with our affiliates, technical consultants, third party auditors, and other third party service providers. All such third parties may access, process, or store Personal Data in the course of providing their services. We will only share Personal Data with third party service providers who guarantee to implement appropriate safeguards and security measures to ensure the confidentiality, integrity and availability of your Personal Data in compliance with the applicable Data Protection Legislations. EdgeConneX discloses only that information it believes in its reasonable discretion is necessary for the third party to carry out its obligations to EdgeConneX. EdgeConneX does not share your Personal Data with unauthorized persons and or entities nor do we sell your Personal Data to third parties.
EdgeConneX is a global organization headquartered in the United States and has legal entities, business functions, and systems in countries around the world. We share your Personal Data both with our affiliated companies within the EdgeConneX group and certain external third parties who are based outside the European Economic Area (“Europe”). Processing of Personal Information may occur outside of your local jurisdiction, including outside of Europe. Other countries have privacy laws that are different from privacy laws in your country. Regardless of location, EdgeConneX handles Personal Data as described here, and we take care to ensure that our employees, agents and strategic partners in other countries act in a manner consistent with this Policy.
EdgeConneX and its related U.S. affiliated and subsidiary entities comply with the EU-US Privacy Shield Framework (“Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use and retention of Personal Data transferred from the European Economic Area (EAA) to the United States. EdgeConneX has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement and Liability. To learn more about the Privacy Shield Program, and to view our certification, please visit https://www.privacyshield.gov/.
With respect to Personal Data received or transferred pursuant to the Privacy Shield, EdgeConneX is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
As described in the Privacy Shield Principles, EdgeConneX is accountable for Personal Data that it receives and subsequently transfers to third parties. If third parties that process Personal Data on our behalf do so in a manner that does not comply with the Privacy Shield Principles, we are accountable, unless we prove that we are not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, EdgeConneX commits to resolve complaints about our collection or use of your Personal Data. Please refer to the Contact Us section below to find out how to reach out to us should you have a complaint.
EdgeConneX has further committed to refer unresolved Privacy Shield complaints to AAA an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit at http://go.adr.org/privacyshield.html for more information or to file a complaint. The services of AAA are provided at no cost to you.
With respect to any personally identifiable data we may collect, EdgeConneX has further committed to cooperate with EU Data Protection Authorities (DPAs) established pursuant to the Privacy Shield as well as GDPR to address employee complaints and provide employees with a recourse mechanism free of charge with respect to any HR Data complaints that cannot be resolved internally.
As further explained in the Privacy Shield Principles, binding arbitration before a Privacy Shield Panel will also be made available to you in order to address residual complaints not resolved by any other means.
We are committed to ensuring that your Personal Data is secure. In order to prevent misuse, unauthorized access or disclosure, alteration and/or destruction, we have put in place appropriate technical, administrative, and security measures.
Our information security program is designed and certified to an internationally recognized standard, ISO 27001:2013. All EdgeConneX business systems and processes have also been certified as SOC2 Type 2, PCI, DSS, and HIPAA compliant. Systems and processes have been scrutinized for limiting access to only required personnel, and the proper protections and restrictions to physical accessibility have been implemented to secure your Personal Data from accidental loss and from unauthorized access, use, alteration or disclosure.
Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement all reasonable measures to protect your Personal Data, we cannot guarantee the security of your data transmitted to us using the internet – any such transmission is at your own risk and you are responsible for ensuring that any Personal Data that you send to us are sent securely.
The length of time EdgeConneX may store your information may vary depending on our use of your Personal Data. EdgeConneX represents that unless otherwise required by law, we will not maintain your information for longer than is reasonably necessary for the purposes for which information was collected.
Under certain circumstances, by law you have the right to:
To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Policy, or about our Processing of your Personal Data, please contact us at compliance@edgeconnex.com
Typically, you will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or, we may refuse to comply with your request in these circumstances.
Please note that:
We Process Personal Data to contact you with information regarding services that may be of interest to you. You can ask us to stop sending you marketing messages at any time by following the update email preferences or unsubscribe links on any marketing message sent to you or by contacting us at any time using the contact details in the Contact Us section.
Please note that we may still find it necessary to communicate with you regarding your use of the Site.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyze data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Cookies help us provide you with a better website experience, by enabling EdgeConneX to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can modify your browser setting to decline cookies if you prefer. Declining cookies may prevent you from taking full advantage of the website.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, we do not have any control over external websites. External sites are not governed by this Policy. Therefore, we will not be responsible for the protection and privacy of any information which you provide when visiting such other sites. You should exercise caution and read the privacy statement applicable to the website in question.
Under no circumstance will EdgeConneX be liable for any information it merely transmits and does not collect from you during your use of our products or services.
This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the processing of Personal Data, or changes in applicable law. We will post any modifications or changes to this Policy on this page. We encourage you to regularly review this Policy.
You may reach out to us with any questions, comments, complaints, or requests regarding this Policy by emailing: compliance@edgeconnex.com; or writing to the following address:
EdgeConneX, Inc.
Attn: Privacy Officer
2201 Cooperative Way, Suite 400
Herndon, VA 20171
In the event you feel we have not adequately resolved your complaint, we have other recourse mechanisms available to you. If you are a European resident and have a complaint regarding this Policy, please note that the under the GDPR you have the right to contact your local data protection supervisory authority. In other jurisdictions, please refer to your local Data Protection Legislation for other appropriate recourse mechanisms that may be available to you should you have any unresolved complaints regarding this Policy.
Updated: June 2023