EU-U.S. Data Privacy Framework Program
(EU-U.S. DPF) – Compliant Privacy Policy
This EU-U.S. Data Privacy Framework program (EU-U.S. DPF)-compliant Privacy Policy sets forth the privacy principles that phoenixNAP follows with respect to personal information transferred from the European Economic Area (EEA) (which includes the twenty-eight member states of the European Union (EU) plus, Iceland, Liechtenstein and Norway) to the United States.
phoenixNAP complies with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. phoenixNAP has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework program Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
phoenixNAP has certified that it adheres to the EU-U.S. Data Privacy Framework program (EU-U.S. DPF) principles of Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement and Liability within the scope of its EU-U.S. Data Privacy Framework program (EU-U.S. DPF) certification. If there is any conflict between the terms in this privacy policy and the EU-U.S. Data Privacy Framework program (EU-U.S. DPF) Principles, the EU-U.S. Data Privacy Framework program (EU-U.S. DPF) Principles shall govern. To learn more about the EU-U.S. Data Privacy Framework program (EU-U.S. DPF) program, and to view phoenixNAP’s certification, please visit the https://www.dataprivacyframework.gov/ page.
phoenixNAP’s participation in the EU-U.S. Data Privacy Framework program (EU-U.S. DPF) applies to all personal data that is subject to the phoenixNAP Privacy Agreement and is received from the European Union and European Economic Area. phoenixNAP will comply with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF) principles in respect of such personal data. Please refer to this phoenixNAP Privacy Agreement for further information on data collection and use. In addition, certain personal information may be subject to more specific privacy policies of phoenixNAP, which are also consistent with the requirements of the EU-U.S. Data Privacy Framework program (EU-U.S. DPF) Framework.
phoenixNAP collects the following data and lists the purpose of collection:
| Data | Purpose |
|---|---|
| First name | Marketing, Billing/Account Provisioning, Biometric Enrolment |
| Last name | Marketing, Billing/Account Provisioning, Biometric Enrolment |
| Company name | Marketing, Billing/Account Provisioning, Biometric Enrolment |
| Email address | Marketing, Billing/Account Provisioning, Biometric Enrolment |
| Corporate physical address | Billing/Account Provisioning, Biometric Enrolment |
| Corporate phone number | Billing/Account Provisioning, Biometric Enrolment |
| Iris scan | Biometric Enrolment |
| Vascular scan | Biometric Enrolment |
| Driver’s license/Photo ID | Facility Access |
phoenixNAP may share its marketing data with partners within its ecosystem that includes VMware, Microsoft, Veeam, Brocade, Intel, Nimble, SuperMicro and Micron. This data can be shared by 3rd party automation and CRM systems, mainly Salesforce and Hubspot.
phoenixNAP also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
If phoenixNAP ever were to engage in any onward transfers of personal data with third parties for a purpose other than which it was originally collected or subsequently authorized, we would provide data subjects with an opt-out choice to limit the use and disclosure of your personal data.
phoenixNAP’s accountability for personal data that it receives under the EU-U.S. Data Privacy Framework program (EU-U.S. DPF) and subsequently transfers to a third party is described in the EU-U.S. Data Privacy Framework program (EU-U.S. DPF) Principles. In particular, phoenixNAP remains responsible and liable under the EU-U.S. Data Privacy Framework program (EU-U.S. DPF) Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless phoenixNAP proves that it is not responsible for the event giving rise to the damage.
In compliance with the EU-U.S. DPF, phoenixNAP commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF in the context of the employment relationship.
phoenixNAP acknowledges that EU individuals have the right to access the personal information that we maintain about them. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should submit a written request to the Chief Legal Officer, whose contact information is listed below. If requested to remove data, we will respond within a reasonable timeframe.
In compliance with the EU-US Data Privacy Framework program’s Principles, phoenixNAP commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union individuals with DPF inquiries or complaints should first contact
PhoenixNAP, LLC
c/o Legal Department
3402 E University Dr, Phoenix, AZ 85034, United States
phoenixNAP has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2
Should your complaint remain fully or partially unresolved after a review by phoenixNAP, BBB National Programs Data Privacy Framework Services and the relevant DPA, you may be able to, under certain conditions, seek binding arbitration before the EU-U.S. Data Privacy Framework program (EU-U.S. DPF) Panel. For more information, please visit https://www.dataprivacyframework.gov/.
phoenixNAP is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Effective Date: September 2023.