Privacy Policy

In this privacy policy (the “Policy”) we set forth how we collect your Personal Data, how and for what purposes we may use your Personal Data (as defined in Section 2 below), and to whom your Personal Data may be disclosed by us. Additionally, this Policy includes important information regarding your rights with respect to our collection of your Personal Data, so we encourage you to read carefully.

1. Who We Are


EdgeConneX, Inc. and its affiliated companies (“EdgeConneX”, “We”, “Us”) are strongly committed to protecting your Personal Data in accordance with applicable data protection legislation, including with the General Data Protection Regulation (the “GDPR”) and relevant U.S. and international law (collectively, the “Data Protection Legislation”). Our goal is to be transparent with you about how we collect and use your Personal Data in our relationship with you and inform you about your privacy rights and how the law protects you.

Pursuant to applicable Data Protection Legislation, EdgeConneX qualifies as a controller with respect to Personal Data we process.

2. Collection and use of Personal Data


We collect Personal Data from you for the following purposes: providing our products and services, making the website (the “Site”) and our EdgeOS Portal available to you, operating our business, communicating with you, managing the safety and security of our data center facilities, conducting investigations where necessary, and generally improving our Sites and services.

For purposes of this Policy, “Personal Data” means information about an individual, from which that individual is either directly identified or can be identified. You can find the GDPR definition of Personal Data here. For your reference, Personal Data does not include “anonymous data”, information, where the identify of individuals, has been permanently removed, however, it does include “indirect identifiers” or “pseudonymous data” (i.e. information which alone doesn’t identify an individual but, when combined with certain additional and reasonably accessible information, could be attributed to a particular person).

The table below outlines the Personal Data we collect from you or from third parties about you and the purposes for which we collect such Personal Data.

Category of Personal Data Collection of Personal Data Purpose
Identity Data First name, surname, title, government ID, type and number Physical security of our data centers; Information security compliance; Administration and management of contractual relationships and performance of our contracted services; Allow access to EdgeConneX’s online portal; System management in order to maintain up to date information in our systems; Marketing; Address complaints; Establish, defend, and exercise our legal position
Contact Data Your email address and telephone numbers, company name. Physical security of our data centers; Information security compliance; Administration and management of contractual relationships and performance of our contracted services; Allow access to EdgeConneX’s online portal; System management in order to maintain up to date information in our systems; Marketing; Address complaints; Establish, defend, and exercise our legal position
Data Center Access Records Dates, times and location of access to our facilities, access credentials, including any biometric access credentials (vascular print, hand shape, iris scan, etc.), CCTV images of people entering the data center and accessing the customer areas. Physical security; Controlling access to our data centers and customer spaces and providing access logs information to our customers; Incident reporting and investigations
Marketing and Communications Data Your preferences in receiving marketing from us and your communication preferences. To form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services and offers may be relevant for you.
Behavioral Data Site access, page access, time spent on page, feature use and other patterns related to website flow and usage. Improve our services and the quality thereof; Troubleshooting; Marketing purposes; Analyze your surfing behavior and create a profile
Technical Data Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website or use our services. Improve our services and the quality thereof; Troubleshooting; Marketing purposes; Analyze your surfing behavior and create a profile
HR Data Personal Data, Contact Data, and other related information collected in the context of an employment relationship.* For use within our recruitment procedures; Internal employee management

*With respect to the collection of such HR Data for residents of the European Union, EdgeConneX respects the national laws of the European Union (EU) country where the information was initially collected or processed prior to transfer and all such transfers of HR Data related to EU nationals shall abide by the principles of the Privacy Shield set forth in this Policy.

We collect biometric data solely for the purposes of verifying user identity, but we do not collect any additional “Special Categories of Personal Data” about you, including, details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, and information about your health.

We will only use your Personal Data for the purposes for which we collected it as listed above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

2.1 “LEGAL BASIS” FOR PROCESSING YOUR PERSONAL DATA

In respect of each of the purposes for which we use your Personal Data, applicable Data Protection Regulations require us to ensure that we have legal grounds (“legal basis” under the GDPR) for that use. Most commonly, we will rely on one of the following legal bases:

  • Where we need to perform a contract we are about to enter into or have entered into with you (“Contractual Necessity”). For the processing of Personal Data of our customer contacts, supplier contacts and service provider contacts, we rely on the performance of a contract with such party as well as on a legitimate interest to use such Personal Data.
  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (“Legitimate Interests”). We rely on a legitimate interest to process Personal Data for purposes of data center safety, security, system management, troubleshooting, service improvements, marketing, and other related purposes, as outlined above.
  • Where we need to comply with a legal or regulatory obligation (“Compliance with Law”).
  • Where we have your specific consent to carry out the processing for the Purpose in question (“Consent”). Generally, we do not rely on your Consent as a legal basis for using your Personal Data, however, for purposes of processing HR Data with respect to our recruitment procedures, we rely on your consent when you provide us with your application materials.

As described above, we establish a legitimate basis for processing your Personal Data prior to such processing and abide by appropriate legal requirements to do so. Should we require collection of different information or should our basis for collection change, we will update this Privacy Policy, pursuant to the  Changes to Our Policy Section below, and we will explain the legal basis which allows us to do so.

2.2 WHY WE MAY NEED TO CONTINUE PROCESSING YOUR PERSONAL DATA

There may be circumstances where we may need to process your Personal Data either to comply with law, or to perform the terms of a contract we have with you. In the event you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with you with access to the Data Center).

3. Disclosure of Personal Data


EdgeConneX may disclose Personal Data to legal and regulatory authorities, as required by a valid and lawful order to a court or other governmental or public body. Additionally, EdgeConneX may share your Personal Data with our affiliates, technical consultants, third party auditors, and other third party service providers. All such third parties may access, process, or store Personal Data in the course of providing their services. We will only share Personal Data with third party service providers who guarantee to implement appropriate safeguards and security measures to ensure the confidentiality, integrity and availability of your Personal Data in compliance with the applicable Data Protection Legislations. EdgeConneX discloses only that information it believes in its reasonable discretion is necessary for the third party to carry out its obligations to EdgeConneX. EdgeConneX does not share your Personal Data with unauthorized persons and or entities nor do we sell your Personal Data to third parties.

4. Transfers of Personal Data


EdgeConneX is a global organization headquartered in the United States and has legal entities, business functions, and systems in countries around the world. We share your Personal Data both with our affiliated companies within the EdgeConneX group and certain external third parties who are based outside the European Economic Area (“Europe”). Processing of Personal Information may occur outside of your local jurisdiction, including outside of Europe. Other countries have privacy laws that are different from privacy laws in your country. Regardless of location, EdgeConneX handles Personal Data as described here, and we take care to ensure that our employees, agents and strategic partners in other countries act in a manner consistent with this Policy.

EdgeConneX and its related U.S. affiliated and subsidiary entities comply with the EU-US Privacy Shield Framework (“Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use and retention of Personal Data transferred from the European Economic Area (EAA) to the United States. EdgeConneX has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement and Liability. To learn more about the Privacy Shield Program, and to view our certification, please visit https://www.privacyshield.gov/.

With respect to Personal Data received or transferred pursuant to the Privacy Shield, EdgeConneX is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.

As described in the Privacy Shield Principles, EdgeConneX is accountable for Personal Data that it receives and subsequently transfers to third parties. If third parties that process Personal Data on our behalf do so in a manner that does not comply with the Privacy Shield Principles, we are accountable, unless we prove that we are not responsible for the event giving rise to the damage.

In compliance with the Privacy Shield Principles, EdgeConneX commits to resolve complaints about our collection or use of your Personal Data. Please refer to the Contact Us section below to find out how to reach out to us should you have a complaint.

EdgeConneX has further committed to refer unresolved Privacy Shield complaints to AAA an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit at http://go.adr.org/privacyshield.html for more information or to file a complaint.  The services of AAA are provided at no cost to you.

With respect to any personally identifiable data we may collect, EdgeConneX has further committed to cooperate with EU Data Protection Authorities (DPAs) established pursuant to the Privacy Shield as well as GDPR to address employee complaints and provide employees with a recourse mechanism free of charge with respect to any HR Data complaints that cannot be resolved internally.

As further explained in the Privacy Shield Principles, binding arbitration before a Privacy Shield Panel will also be made available to you in order to address residual complaints not resolved by any other means.

5. Information Security


We are committed to ensuring that your Personal Data is secure. In order to prevent misuse, unauthorized access or disclosure, alteration and/or destruction, we have put in place appropriate technical, administrative, and security measures.

Our information security program is designed and certified to an internationally recognized standard, ISO 27001:2013. All EdgeConneX business systems and processes have also been certified as SOC2 Type 2, PCI, DSS, and HIPAA compliant. Systems and processes have been scrutinized for limiting access to only required personnel, and the proper protections and restrictions to physical accessibility have been implemented to secure your Personal Data from accidental loss and from unauthorized access, use, alteration or disclosure.

Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement all reasonable measures to protect your Personal Data, we cannot guarantee the security of your data transmitted to us using the internet – any such transmission is at your own risk and you are responsible for ensuring that any Personal Data that you send to us are sent securely.

6. Information Storage


The length of time EdgeConneX may store your information may vary depending on our use of your Personal Data. EdgeConneX represents that unless otherwise required by law, we will not maintain your information for longer than is reasonably necessary for the purposes for which information was collected.

7. Your Rights to Your Personal Data


Under certain circumstances, by law you have the right to:

  • Request access to your Personal Data. This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
  • Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
  • Object to processing of your Personal Data. This right exists where we are relying on a Legitimate Interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
  • Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your Personal Data. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent. This right only exists where we are relying on consent to process your Personal Data (“Consent Withdrawal”). If you withdraw your consent, we may not be able to provide you with access to the certain specific functionalities of our Site. We will advise you if this is the case at the time you withdraw your consent.

7.1 EXERCISING YOUR RIGHTS

To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Policy, or about our Processing of your Personal Data, please contact us at compliance@edgeconnex.com

Typically, you will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or, we may refuse to comply with your request in these circumstances.

Please note that:

  • In some cases, it will be necessary to provide evidence of your identity before we can give effect to these rights; and
  • Where your request requires the establishment of additional facts (e.g., a determination of whether any Processing is non-compliant with applicable law) we will investigate your request reasonably promptly, before deciding what action to take.

7.2 MARKETING COMMUNICATION PREFERENCES

We Process Personal Data to contact you with information regarding services that may be of interest to you. You can ask us to stop sending you marketing messages at any time by following the update email preferences or unsubscribe links on any marketing message sent to you or by contacting us at any time using the contact details in the Contact Us section.

Please note that we may still find it necessary to communicate with you regarding your use of the Site.

8. Use of our Website


8.1 COOKIES

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual.  The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.  We use traffic log cookies to identify which pages are being used.  This helps us analyze data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Cookies help us provide you with a better website experience, by enabling EdgeConneX to monitor which pages you find useful and which you do not.  A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.  You can choose to accept or decline cookies.  Most web browsers automatically accept cookies, but you can modify your browser setting to decline cookies if you prefer. Declining cookies may prevent you from taking full advantage of the website.

8.1 LINKS TO OTHER WEBSITES

Our website may contain links to other websites of interest.  However, once you have used these links to leave our site, we do not have any control over external websites. External sites are not governed by this Policy. Therefore, we will not be responsible for the protection and privacy of any information which you provide when visiting such other sites. You should exercise caution and read the privacy statement applicable to the website in question.

9. Disclaimer


Under no circumstance will EdgeConneX be liable for any information it merely transmits and does not collect from you during your use of our products or services.

10. Changes to our Policy


This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the processing of Personal Data, or changes in applicable law. We will post any modifications or changes to this Policy on this page. We encourage you to regularly review this Policy.

11. Contact Us


You may reach out to us with any questions, comments, complaints, or requests regarding this Policy by emailing: compliance@edgeconnex.com; or writing to the following address:

EdgeConneX, Inc.
Attn: Privacy Officer
2201 Cooperative Way, Suite 400
Herndon, VA 20171

In the event you feel we have not adequately resolved your complaint, we have other recourse mechanisms available to you. If you are a European resident and have a complaint regarding this Policy, please note that the under the GDPR you have the right to contact your local data protection supervisory authority. In other jurisdictions, please refer to your local Data Protection Legislation for other appropriate recourse mechanisms that may be available to you should you have any unresolved complaints regarding this Policy.

Updated: June 2023