NetSuite Privacy Statement
Effective Date: November 21, 2016
In this Privacy Statement (“Statement”), NetSuite Inc. and its worldwide subsidiaries (collectively, the “NetSuite Group”), explains how we collect, use, maintain, disclose, and transfer personal information, and the choices you have in relation to our processing of your personal information. We are committed to protecting your privacy in accordance with this Statement.
References in this Statement to “we,” “us” or “our” are references to the NetSuite Group entity that is operating the relevant Website, or providing the applicable Services. Statements referring to “you” or “your” are references to the company or individual we are collecting personal information about. Our use of the term Services in this Statement has the same definition as in customer’s applicable Services agreement with us, or the applicable NetSuite Group service (“Services”).
If you have any questions regarding this Statement, please email us at firstname.lastname@example.org or see the “How to Contact Us” section below.
This Statement applies to the following:
- Personal information we collect through all websites operated by the NetSuite Group (“Website(s)”). You can determine which NetSuite Group entity has responsibility for operating a particular Website by looking in the Contact Us section of the relevant Website.
- Personal information we collect about you in the course of doing business with you, such as when you engage with us as a customer, potential customer, vendor, service provider, professional advisor, consultant or other third party in relation to the provision of our Services, and the operation of our business generally. This includes sales, marketing, business contact or registration activities conducted by the NetSuite Group, but does not include any personal information you or your end-users input or upload into the Services. You can determine which NetSuite Group entity has responsibility for processing your Business Data by referring to your relevant Services agreement with us.
(collectively “Business Data”).
OUTSIDE OF SCOPE
For personal information our customers and their end-users input or upload into the Services (“Customer Data”), please refer to the NetSuite Services Privacy Statement. As a data processor, we will process all Customer Data strictly on behalf of our customers in accordance with our contractual agreements with them and/or as required or permitted by law. For purposes of clarity, this Statement does not apply to Customer Data.
TYPES OF DATA AND COLLECTION METHODS
Information you provide to us through the Websites: Through your use of the Websites, you may choose to provide us with certain personal information. For example, when you request information, a free product tour, schedule a consultation, use our Chat Now function, subscribe to a mailing list, subscribe to Services, respond to an online survey or otherwise contact us, we usually collect personal information such as your name, e-mail address(es), postal address(es), telephone numbers and any other information you choose to provide.
You can opt out of providing information by not entering it when asked. If information is required in order to allow us to respond to your inquiry, you will receive a notice advising you of this. If you do not provide us with some or all of the requested information we may not be able to provide the requested information or Services to you.
Information we collect automatically through the Websites: The Websites also collect certain information by automated means. For example, when you visit a Website, we track certain information about your computer and Internet connection, such as the IP address of your computer and/or Internet service provider, the date and time you access the site, the Internet address of websites from which you link to our Websites, the computer technology you are using and your movements and preferences on our site.
We do not deliver third party online advertisements on our Websites, but we may use third-party advertising companies to serve ads for our Services when you access and use other websites, based on the information relating to your access to and use of our Websites, as well as information received from third parties. To do so, these companies may place or recognise a unique cookie on your browser (including through use of pixel tags). If you would like more information about this practice and to learn how to opt out in desktop and mobile browsers on the particular device on which you are accessing this Privacy Statement, please visit http://www.networkadvertising.org/managing/opt_out.asp and http://www.aboutads.info/. We do not currently respond to browser do-not-track signals.
We also may collect information related to your company, approximate geographic location, or other demographic information that does not personally identify you.
To the extent permitted by applicable law, we reserve the right to combine other information as defined above with personal information that you submit.
Information customers and potential customers provide to us: You may choose to provide personal information when engaging in or conducting business with us. The types of information we may collect include names, email addresses, postal addresses, contact details, job titles, transactional information, financial/billing information, account information, correspondence and any other information you may choose to provide.
You may also choose to provide personal information, such as contact details and job titles, when you attend sales and marketing events, product demos, take part in surveys, or through other sales and marketing interactions we may have with you.
Other information we collect in the course of operating our business: We also collect information from our vendors, suppliers, service providers, agents, consultants, business partners, professional advisors and other third parties for the purposes of managing and operating our business. For example, we will collect business contact information, financial information and other information necessary to engage third parties and to evaluate their performance.
Information we collect automatically through the Services: Our systems may also collect certain information automatically when you use the Services, for example, usage information (such as user activity, configuration of the device, performance metrics data) and log information (such as IP addresses, ISP, browser type, clickstream data, security information, errors and crashes).
COLLECTION PURPOSES, USE OF BUSINESS DATA
We will use your personal information for a range of different purposes, including:
- To respond to your specific inquiry or request and to provide you with information and access to resources that you have requested from us;
- To administer, protect, operate and maintain the Websites and our systems;
- To improve the navigation and content of our Websites, system administration and security;
- To compile aggregated statistics about the site usage and to better understand the preferences of our site visitors;
- To help personalise your experience on our Websites (for example, we may use IP addresses to approximate your general location such as city and state for purposes such as to provide information on local promotions and events);
- To help deliver our Services to our customers and to provide customer service and support;
- To process and complete business transactions and send related information, including transaction confirmations and invoices;
- To send information to our customers about their account, technical alerts or updates, and other administrative or service-related communications;
- To carry out research and development to improve our Services;
- To carry out other legitimate business purposes, as well as other lawful purposes about which we will notify our users and customers.
We maintain reasonable procedures to help ensure that personal information we collect and use is reliable for its intended use, accurate, complete, and current.
Additionally, we may collect personal information for marketing purposes such as contacting you to further discuss your interest in our company, the Services we provide and ways we can improve them and to provide information on Services, promotions, and events. You can opt out of receiving marketing emails as explained in the “Your Marketing Options” section below.
DATA TRANSFERS TO THIRD PARTIES
We do not sell your personal information to any third parties; however, we may share your personal information with third parties as follows:
- Within the NetSuite Group of companies consistent with this Statement.
- Trusted agents, consultants and service providers to perform business related functions such as service providers that help support the Services.
- Business partners, such as system integrators, distributors, and referral partners that are involved in providing Services. For example, if you indicate an interest in a Service, we may share personal information such as your contact information with our business partners.
Under certain circumstances, we may be required to disclose your personal information in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
We may disclose your personal information if required to do so by law in order to (for example) respond to a subpoena or request from law enforcement, a court or a government agency, or in the good faith belief that such action is necessary (a) to comply with a legal obligation, (b) to protect or defend our rights, interests or property or that of third parties, (c) to prevent or investigate possible wrongdoing in connection with the site or our Services, (d) to act in urgent circumstances to protect the personal safety of users of the site, our Services or the public; or (e) to protect against legal liability.
DISCLOSURE FOR PROSPECTIVE SALE, MERGER, ACQUISITION OR REORGANIZATION
We may share or transfer your information in connection with a prospective or actual sale, merger, transfer or other reorganisation of all or parts of our business. Also, we reserve the right to fully use and share any information that is not in personally identifiable form (such as statistics and survey results that do not identify you individually by name).
If we intend to use your information for a purpose that is materially different from the purposes identified above or if we intend to disclose it to a third party (a non-agent) not previously identified, we will notify you and offer you the opportunity to opt out of such uses and/or disclosures where it involves non-sensitive information or opt-in where sensitive information is involved.
You may choose to change your marketing choices at any time by contacting us at: email@example.com, or by contacting us as described in the “How to Contact Us” section below.
You can also unsubscribe from our marketing communications by following the instructions or unsubscribe mechanism in the e-mail message. To opt out of receiving marketing related communications from us, please click on the “opt-out” link in the communication or please contact us at firstname.lastname@example.org, or by contacting us as described in the “How to Contact Us” section below. Please note that if you do opt-out of receiving marketing- related emails from us, we may still send you important administrative messages, and you cannot opt-out from receiving account-related or other administrative messages.
This Statement does not apply to, nor are we responsible for, the privacy, information or other practices of any third parties, including any third party operating any site or service to which the site links. The inclusion of a link on the site does not imply our endorsement of the linked site or service.
We maintain reasonable and appropriate security measures to protect your personal information from loss, misuse, and unauthorised access, disclosure, alteration, and destruction.
Your personal information may be stored and processed in any country where we have facilities or in which we engage service providers. You acknowledge that your personal information may be transferred to countries outside of your country of residence, including the United States, which may have different data protection rules than those of your country.
EU-US PRIVACY SHIELD
NetSuite Inc., Bronto Software, LLC, Monexa LLC and Order Motion, Inc. adhere to the EU-U.S. Privacy Shield with respect to Business Data received from customers, potential customers, vendors, service providers, professional advisors, business partners, consultants or other third parties in the European Economic Area (“EEA”) (“Privacy Shield Business Data”).
References in this EU-US Privacy Shield section to “we,” “us” or “our” are references to NetSuite Inc., Bronto Software, LLC, Monexa LLC or Order Motion, Inc. only.
(This Statement does not apply to Customer Data – see NetSuite Services Privacy Statement for information about our Privacy Shield Certification for Customer Data.)
The entities listed in this “EU-US Privacy Shield” section have certified adherence to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability when in receipt of Privacy Shield Business Data.
For purposes of enforcing compliance with the Privacy Shield, we are subject to the investigatory and enforcement authority of the US Federal Trade Commission.
For more information about the Privacy Shield, see the US Department of Commerce’s Privacy Shield website located at: https://www.privacyshield.gov. To review our certification on the Privacy Shield list, see the US Department of Commerce’s Privacy Shield self-certification list located at: https://www.privacyshield.gov/list.
Where we transfer Privacy Shield Business Data to our third party agents under the Privacy Shield, we will remain responsible if our third party agent fails to process your Privacy Shield Business Data in compliance with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
You may have the right to access your Privacy Shield Business Data that we hold about you and request that we correct, amend or delete it if it is inaccurate or processed in violation of the Privacy Shield. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your Privacy Shield Business Data, you can submit a written request to the contact information provided below. We may request specific information from you to confirm your identity. In some circumstances we may charge a reasonable fee for access to your information.
If you have a question, complaint or you want to limit the processing of your Privacy Shield Business Data under the Privacy Shield, please contact us as described in the How to Contact Us section below. We will investigate and attempt to resolve any Privacy Shield requests, complaints or disputes regarding the use or disclosure of Privacy Shield Business Data within 45 days of receiving your complaint.
We have further committed to cooperate and comply with the panel of European data protection authorities (DPAs) in the resolution of any Privacy Shield complaints. If you have an unresolved Privacy Shield or Privacy Shield Business Data use concern that we have not addressed satisfactorily, please contact your local DPA and they will investigate your complaint free of charge. Their contact details can be found here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm. A binding arbitration option will also be made available to you, in accordance with the Privacy Shield Principles, to address complaints not resolved by other means.
We will also cooperate and comply with any investigation, decision or advice made or given by the U.S. Department of Commerce and the Federal Trade Commission.
US-SWISS SAFE HARBOR
For transfers of personal information from Switzerland to the United States, NetSuite Inc. has certified compliance with the US-Swiss Safe Harbor Framework. We commit to apply the Swiss Safe Harbor Principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement when processing such personal information. Details of our certification can be found here: https://safeharbor.export.gov/companyinfo.aspx?loc=swiss&id=34154.
If you believe your personal information has not been processed in compliance with our US-Swiss Safe Harbor commitments, or you wish to access, correct, amend or delete your personal information, you may contact us using the contact details provided below and we will consider your request in accordance with the Swiss Safe Harbor Principles. You can also contact the Swiss Federal Data Protection and Information Commissioner if you are unsatisfied with our response.
We will retain your personal information for the period necessary to fulfill the purposes outlined in this Statement unless a longer retention period is required or permitted by law, for legal, tax or regulatory reasons, or other legitimate and lawful business purposes.
GENERAL DATA REQUESTS
If personal information you have submitted to us is no longer accurate, current, or complete, and you wish to update it, please send an e-mail to: email@example.com, or by contacting us as described in the “How to Contact Us” section below. Upon appropriate request we will update or amend your information, but we reserve the right to use information obtained previously to verify your identity or take other actions that we believe are appropriate.
If you wish to access, correct, amend or delete your personal information under the Privacy Shield or Swiss Safe Harbor, see the “EU-US Privacy Shield” and “US-Swiss Safe Harbor” sections above.
HOW TO CONTACT US
If you have any questions regarding this Statement or if you need to request access to or update, change or remove personal information that we control, you can do so by contacting:
Denise Farnsworth at: firstname.lastname@example.org or email@example.com
or by regular mail addressed to:
Senior Director, Lead Privacy Counsel
2955 Campus Drive, Suite 100
San Mateo, CA 94403
We reserve the right to change, modify, add or remove portions of this Statement from time to time and in our sole discretion, but will alert you that changes have been made by indicating on this Statement the date it was last updated. When you visit this site, you are accepting the current version of this Statement as posted on the site at that time. We recommend that users revisit this Statement on occasion to learn of any changes.