vCom Solutions Privacy Policy

We respect your privacy and appreciate the importance of your trust. As part of our efforts to help you understand how we handle the personal information you share with us, and in compliance with the regulations named in Section 11 within, please review the following terms carefully.

  1. General Terms.

As more fully described below, we may collect and process certain information that is provided by you to us.  We have a legal basis for collecting and processing such information because:

  • You have given us permission to do so;
  • We must provide services to you in conjunction with a contract you have entered into for the provision of products or services, or an order you have placed via our software platform, or through other means (such order authorization may take various forms, such as signed service orders or master service agreements); and/or
  • We are required to do so in order to comply with applicable law.

The Section below describes the types of information that we may collect from you and our business purposes for collecting such information.

  1. Information that We Collect and Process.

Information Provided by You:

We may collect Personal Information that you provide to us.  “Personal Information” is information that can be used to identify you individually, and includes items such as your name, company name, business address, e-mail address, and telephone number. If you are a user of our products and/or Cloud-Based Platform, we may also collect payment information (such as your account or card number), if used to make a purchase from our Website or our Cloud-Based Platform or pay your invoices.  Further, you may provide information like employee business title, employee ID, login credentials, and assigned IT assets. By means of managing service providers with whom you contract, we may collect information like reference number, call detail records, cost center, department, and ICCID/IMEI.  The type of Personal Information that we may collect also depends on your use of this Website or our Cloud-Based Platform and what information you provide to us.

Employment Information:

You are sharing Personal Information with us when you apply for employment with vCom Solutions.  We may ask you to submit your resume or CV with your application for employment, along with any other information required to verify your qualifications. vCom Solutions’ applicants will have log-in credentials for our third-party recruiting software, which enables applicants to access their previous job applications, documents submitted, and the option to specify interest in being considered for other job openings in the future.

Analytical Information:

We and our third-party service providers may also use a variety of technologies that automatically or passively collect information about how this Website or our Cloud-Based Platform is accessed and used (known as “Usage Information”).  Usage Information may include the type of browser and device you used to access our Website or our Cloud-Based Platform, your operating system and application version, the web pages accessed by you, the time you accessed these web pages, preceding web page views, and your use of any features or applications on this Website or our Cloud-Based Platform.  Statistical data like this helps us understand what is interesting and relevant to our customers, so we can best adapt our content for our customers’ benefit.

We and our third-party service providers may also automatically collect an IP address or other unique identifier information from the computer, mobile device, technology or other device you use to access this Website or our Cloud-Based Platform.  We may use this information to, among other things, administer this Website or our Cloud-Based Platform, help diagnose server problems, analyze trends, track web page movements, help identify you and your shopping cart, and gather broad demographic information for collected use.

Cookies and Other Technology:

Like many sites, our Website or our Cloud-Based Platform employs cookies, JavaScript tags and Web beacons (also known as clear GIF technology or “action tags”) to speed your navigation of our Website or our Cloud-Based Platform, recognize you and your access privileges, and track usage of our Website or our Cloud-Based Platform.  Cookies are small pieces of information that are stored as text files by your Internet browser on your computer’s hard drive.  We use both persistent cookies and third-party cookies.  Persistent and third-party cookies enable us to track and target the interests of our customers to enhance the experience on our Website or our Cloud-Based Platform. Persistent cookies are used to make it easier for you to navigate our Website or our Cloud-Based Platform, and remain on your hard drive for an extended period of time.  Third party cookies are only used for short-term tracking.

Most Internet browsers are initially set up to accept cookies.  You may disable cookies on your web browser within the Privacy & Security settings section of your browser; however, your ability to use the Website or our Cloud-Based Platform will be then limited and/or unavailable. To learn more about cookies, please click here. You may also choose to download an opt-out cookie (a cookie must be on your computer to tell our systems that you have opted-out). To learn more about opt-out cookies, please click here.

  1. Our Use and Sharing of Your Information.

We use the information that we collect about you for a variety reasons, including the following:

  • Verifying your identity;
  • Fulfilling your orders for products or services;
  • Responding to your questions;
  • Invoicing you for services rendered or products purchased;
  • Communicating with you about your purchases and activities on this Website or our Cloud-Based Platform;
  • Improving the Website or our Cloud-Based Platform and our customers’ experience;
  • Sending you emails and other marketing communications; and
  • Sending notices or information; and
  • For those who apply for employment with vCom Solutions, to process your employment application, including background checks and education and employment verification, as applicable.

We may share your Personal Information as described below:

  • With our sub-processors that we use to support our business;
  • To provide you with any information or services that you request;
  • To respond to subpoenas, court orders, and other legal process, or as otherwise required by law;
  • To exercise our legal rights or to defend ourselves against legal claims, to enforce our contracts, to investigate, respond to and resolve problems or inquiries (including governmental inquiries), or to permit us to pursue available remedies or limit the damages that we may sustain;
  • In connection with an actual or potential merger, sale, acquisition, assignment, or transfer of all or part of our assets, affiliates, lines of business, or products and services, including at bankruptcy;
  • With our affiliates, subsidiaries, or parent companies; and
  • With your consent.

If you would like to subscribe to the current list of our sub-processors with whom we share Personal Information, you may sign up here.

We may also use and disclose any information that is aggregated or de-identified so that it does not identify you personally, in our discretion.

  1. Security and Your Information.

We, and our sub-processors, use reasonable safeguards to protect Personal Information against loss, unauthorized use, disclosure or destruction and when transferring information for processing.  However, please note that no electronic data transmission or storage of information can be absolutely secure.  We cannot ensure or warrant the security of any information you transmit to us. When we are made aware of vulnerability in our security practices, we will address them according to our “Incident Response Protocol.”

  1. How Long We Will Retain Your Information.

We will not retain your personal information for longer than required.  We will keep your personal information until we no longer have a valid legal or business reason for keeping it or you request us to stop using it.  Please note that we may keep just enough of your personal information to ensure that we comply with your request not to use your personal information or comply with your right to erasure.  For example, we must keep your request to be erased even if it includes your personal data until such time as you are no longer our customer.  Please note we may also keep just enough of your personal information to remain compliant with tax authorities or regulatory entities.

  1. Your Rights

You have certain rights relating to your Personal Data, subject to local data protection laws. These rights may include:

  • To access your Personal Data held by us (right to access);
  • To rectify inaccurate Personal Data and, taking into account the purpose of processing the Personal Data, ensure it is complete (right to rectification);
  • To erase/delete your Personal Data, to the extent permitted by applicable data protection laws (right to erasure; right to be forgotten);
  • To restrict our processing of your Personal Data to the extent permitted by law (right to restriction of processing);
  • To transfer your Personal Data to another controller, to the extent possible (right to data portability);
  • To object to any processing of your Personal Data carried out on the basis of our legitimate interests (right to object). Where we process your Personal Data for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection;
  • To not be subject to a decision based solely on automated processing, including profiling, which produces legal effects (“Automated Decision-Making”); Automated Decision-Making currently does not take place on our websites; and
  • To the extent we base the collection, processing and sharing of your Personal Data on your consent, to withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal.
  1. Consent to Processing Information.

Our Website or our Cloud-Based Platform are governed by and operated in accordance with the laws of the State of California and the United States, and are intended for the use of residents of the United States.  If you are located outside of the United States, please be aware that information we collect will be transferred to and processed in the United States.

  1. Third Party Links and Services.

Our Website or our Cloud-Based Platform may contain links to third-party Websites and products and services.  We do not control such linked Websites and this Privacy Policy does not apply to those Websites.  We encourage you to read the privacy policy of any third-party Website that you visit before you provide any information to that Website’s owner.

  1. Our Children’s Policy.

Neither this Website nor our Cloud-Based Platform is directed to children under the age of thirteen (13).  Children may not use our Website or our Cloud-Based Platform or purchase our products, and we do not knowingly collect any personal information from children under the age of thirteen (13).  We have no way of distinguishing the age of individuals who access our Website or our Cloud-Based Platform. If a child has provided us with personal information, the parent or guardian should contact us to remove the information and opt out of promotional opportunities.

  1. Changes and Updates to our Privacy Policy.

We may change this Privacy Policy at any time without prior notice to you.  Any changes that we make will be effective immediately upon our posting of the revised Privacy Policy on this Website or our Cloud-Based Platform.  Your continued use of this Website or our Cloud-Based Platform and/or our platform constitutes your consent to any changes made.  We will use your Personal Information in a manner consistent with the Privacy Policy in effect at the time you submitted your Personal Information, unless you later consent to a revised policy.  We encourage you to periodically review this page for the latest information on our privacy practices.

  1. Acceptable Use Policy

For information on our Acceptable Use Policy, click here.

  1. Questions or Requests?

In the event that you wish to submit a question regarding our use of your personal information or request to modify, erase, or restrict the processing of your personal information, please contact us here: dataprotection@vcomsolutions.com

  1. Regulations to Which This Privacy Policy Pertains
  • EU General Data Protection Regulation 2016/679
  • California Consumer Privacy Act of 2018
  1. For California Consumers

The California Consumer Privacy Act (the “Act”), in effect January 1, 2020 affords California consumers several basic rights. Those rights include the right to know what personal information is collected, where it is sourced, the purpose of its use, whether it is disclosed or sold, and to whom it is disclosed or sold. California consumers have the right to opt out of allowing the sale of their personal information to third parties (or, for consumers under the age of 16, the right to not have their personal information sold without a parent or guardian’s consent). You have the right to have a business delete your personal information upon request, and you have the right to receive equal and non-discriminatory service and pricing from a business, even if you exercise your privacy rights under the Act.

In accordance with the Act, vCom is sharing its Privacy Policy with you.

  1. Refer to Section 2 above regarding “Information that we Collect and Process.” If you have questions about the data we have collected from you or how it is used, you may contact our Data Protection Officer at: (800) 804-8266, or dataprotection@vcomsolutions.com
  2. vCom takes your privacy very seriously, and does not ever monetize consumer data to any third-party organizations.
  3. You have the right to request erasure of your personal information, and may do so by contacting us at: (800) 804-8266 or dataprotection@vcomsolutions.com.
  4. To request erasure of your Personal Information in connection with an employment application, contact us at: (800) 804-8266 or hr@vcomsolutions.com.
  5. We will not retain your personal information for longer than required. We will keep your personal information until we no longer have a valid legal or business reason for keeping it or you request us to stop using it.  Please note that we may keep just enough of your personal information to ensure that we comply with your request not to use your personal information or comply with your right to erasure.  For example, we must keep your request to be erased even if it includes your personal data until such time as you are no longer our customer.  Please note we may also keep just enough of your personal information to remain compliant with tax authorities or regulatory entities.
  6. If you choose to exercise any of your privacy rights, rest assured you will continue to receive equal service and pricing on a non-discriminatory basis.
  7. Employment Information Collected other than through vCom Solutions Online Employment Process

If you submit Personal Information to vCom Solutions through any channel other than our online job application process, the same policy set forth above will be applied to such Personal Information you submit through channels other than the vCom Solutions Employment Application, except as follows:

  • Hardcopy Personal Information provided to vCom Solutions which is not converted to electronic media and hosted by vCom Solutions will be subject to different security procedures than will stored electronic Personal Information. vCom Solutions has security measures equal to or better than those reasonably expected in the industry, in place to protect against the loss, misuse and alteration of your hardcopy Personal Information under its control.

Acceptable Use Policy

Introduction

At vCom, we value you, and wish to provide you with an experience that exceeds your expectations. When you open an account with vCom, you may elect to subscribe to services that use Internet technology (for example, vManager or a high capacity data service). Subscribing to Internet-based services provides you with certain rights and privileges, but also carries with it certain duties and responsibilities.

As such, vCom reserves the right to monitor any and all facilities in use by its customers, and as required in its agreements with underlying service and facilities providers as outlined in the Acceptable Use Policy that follows. This Acceptable Use Policy is in place to both clearly state customers’ duties and responsibilities, as well as to provide a safe and secure network experience.

Compliance

Customers agree to use services in a manner consistent with any and all applicable state, federal or other laws or regulations. Reproduction or transmission of any material in violation of any local, state federal or internal law or regulation is strictly prohibited. Customer shall be responsible for all content that Customer makes available on or through services provided by vCom. Customer warrants that all such contents will not infringe upon, or otherwise violate any copyright, patent or other right held by a third party, and shall not violate any applicable law, regulation or industry standard. Customers agree that any materials to be reproduced or transmitted using vCom’s service through customer’s account(s) does not violate any such laws, nor does it contain materials which are in violation of obscenity laws or are libelous or threatening. Software intended to facilitate any such violation may not be stored using services procured from vCom.

Customer shall hold vCom, including its officers, agents, contractors or affiliates, or anyone else involved in administering, distributing, or providing services or equipment harmless from any losses, including, but not limited to, special, indirect, incidental, consequential or punitive damages. Customer shall hold harmless vCom from and against any claims, liabilities, and expenses, including attorney’s fees, resulting from Customer’s use of vCom’s service or Customer’s account in an unlawful manner or otherwise in violation of or contrary to Customer’s Agreement with vCom or this Acceptable Use Policy.

Specific examples of inappropriate usage include, but are not limited to:

Spamming – Sending unsolicited e-mail messages.

Intellectual Property Violations – Engaging in activities that infringe or misappropriate the intellectual property rights of others (such as copyrights, trademarks or patents).

Obscene Speech or Materials – Using services procured by vCom to store, disseminate or otherwise display child pornography or other materials in violation of obscenity laws.

Defamatory or Abusive Language – Using services procured by vCom to post or transmit harassing, abusive, defamatory or threatening language to others.

Forging of Headers – Forging or misrepresenting message headers, so as to mask the originator of the message.

Illegal or Unauthorized Access to Other Computers or Networks (“Hacking”) – Illegal access to computers or networks belonging to another party.

Distribution of Internet Viruses, Worms, Trojan Horses, or Other Destructive Activities – Distributing information regarding the creation of, or sending of Internet viruses, worms, Trojan horses, or other destructive activities.

Export Control Violations – Exporting encryption software over the Internet to points outside the United States is in violation of Federal laws.

Other Illegal Activities – Engaging in any other activities that are determined to be illegal or harmful to others, including those activities determined by vCom to be lawful or unlawful that may be harmful to its subscribers, operations, reputation, goodwill or customer relations.

Responsibilities

It is the responsibility of the Customer to adhere to this Acceptable Use Policy. Although vCom may monitor communications to ensure such compliance, as well as compliance with applicable laws, vCom does not undertake widespread monitoring as a general practice. However, upon receipt of a complaint from a vCom subscriber, law enforcement personnel, or if vCom becomes aware of any inappropriate or unlawful activities, it will undertake to verify such activities, identify the subscriber, and remedy the situation.

Use of the Internet is neither more nor less secure than other means of communication, including mail, facsimile or voice telephone service. As such, vCom does not assume responsibility for the security of information transmitted over facilities procured by it for use by a Customer.

Limitation of Liability

VCOM DOES NOT MAKE ANY REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER STATUTORY, EXPRESS OR IMPLIED, REGARDING THE SERVICES OR EQUIPMENT PROVIDED BY VCOM, OR IN CONNECTION WITH ANY VCOM FACILITIES OR EQUIPMENT INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, NONINFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE OR IMPLIED WARRANTIES ARISING FROM A COURSE OF DEALING OR A COURSE OF PERFORMANCE. VCOM EXPRESSLY DISCLAIMS ANY REPRESENTATION OR WARRANTY THAT THE SERVICES OR EQUIPMENT PROVIDED BY VCOM HEREUNDER OR IN CONNECTION HEREWITH, WILL BE ERROR FREE, SECURE OR UNINTERRUPTED. NO ORAL ADVICE OR WRITTEN INFORMATION GIVEN BY VCOM, ITS OFFICERS, EMPLOYEES, AGENTS, CONTRACTORS OR LICENSEES SHALL CREATE ANY SUCH WARRANTY, NOR SHALL CUSTOMER RELY ON ANY SUCH ADVICE.

Complaints

vCom Customers are responsible to report to vCom any network issue which could compromise the stability, service or security of use by vCom or its customers of services provided by vCom. Complaints concerning prohibited uses of services, or any other abuse of services or terms contained within this Acceptable Use Policy should be reported immediately via e-mail:service@vcomsolutions.com , phone: 1-800-804-8266, or in writing: vCom Solutions, 12657 Alcosta Boulevard, Suite 418, San Ramon, CA 94583. Please include all applicable information pertinent to the complaint so vCom can investigate.

Additional Terms & Conditions

Use of the vCom network, equipment or services by a Customer of vCom is subject to the terms and conditions contained within any Service Order or Master Services Agreement entered into by such Customer with vCom. The Acceptable Use Policy is incorporated into such agreements by reference, and vCom reserves the right to modify the Policy at any time by posting modifications.

Data Processing Addendum

This Data Processing Addendum (“Addendum”)is in addition to, and incorporates by reference, the Agreement(s) between vCom Solutions (“vCom”) and You (“Customer”), respectively (“the Parties”). This Addendum is entered into between the Parties and amends the Agreement(s) in accordance with provisions of the California Consumer Privacy Act of 2018 and the European Union General Data Protection Regulation (Regulation (EU) 2016/679): 

IT IS AGREED as follows for each Agreement: 

1.DEFINITIONS 

  1. Capitalized terms used and not otherwise defined in this Addendum have the meanings provided in the Terms of the Agreement.
  2. The terms “Personal Data,” “Personal Data Breach,” “Processing,” and “Supervisory Authority” have the meanings given those terms in the GDPR. 
  3. “Supervisory Authority” may also mean (as applicable) an independent public authority which is established by the California Attorney General. 
  4. Customer Personal Data” means any Personal Data of Data Subjects based in the European Economic Area (as defined in the Agreement on the European Economic Area dated January 1, 1994, “EEA”) that is Processed by vCom or any of its Subprocessors on behalf of Customer pursuant to the Agreement.  For clarification, aggregated or otherwise anonymized data is not Customer Personal Data.  
  5. Data Protection Law” means, (a) on and after May 25, 2018, the GDPR, and (b) before May 25, 2018, Directive 95/46/EC. For the avoidance of doubt, until May 25, 2018, any provisions of this Addendum relating to GDPR are deemed to refer to the corresponding provisions (if any) of Directive 95/46/EC. 
  6. Data Subject Request” means the exercise by Data Subjects of their rights under Chapter III of the GDPR. 
  7. Data Subject” means the identified or identifiable natural person to whom Customer Personal Data relates. With respect to CCPA a Data Subject may also be known as a “Consumer.” 
  8. Directive 95/46/EC” means Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. 
  9. GDPR” means the EU General Data Protection Regulation 2016/679 and, to the extent the GDPR is no longer applicable, any implementing legislation or legislation having equivalent effect.  
  10. Subprocessor” means any third party (including any vCom Affiliate) appointed by or on behalf of vCom to Process Customer Personal Data. 
  11. “Third Party” under California law means any entity that is not a Business or a Service Provider. 
  12. “California Consumer Privacy Act of 2018” or (“CCPA”) means Assembly Bill 375 of the California House of Representatives, an act to add Title 1.81.5 (commencing with Section 1798.100) to Part 4 of Division 3 of the Civil Code, pertaining to privacy and approved by the California Governor on June 28, 2018. 
  13. “Contracted Processor” or “Service Provider” means vCom. 
  14. “Business” means you (the customer), or the business entity which has contracted with vCom for specific products or services

2. PROCESSING OF CUSTOMER PERSONAL DATA

  1. vCom shall implement processes and maintain procedures designed to comply with the CCPA and Data Protection Law in Processing Customer Personal Data/consumer data and shall not Process such data   other than on Customer’s instructions or as otherwise required by applicable law. 
  2. Customer instructs vCom, subject to Customer’s compliance with the CCPA and Data Protection Law, to Process Customer Personal Data as necessary to provide the Services to Customer in a manner consistent with the Agreement(s) and associated Documentation. Where vCom receives an instruction from Customer that, in its reasonable opinion, infringes the Data Protection Law, vCom shall inform Customer. 
  3. Section 3 to this Addendum describes the details of the Processing of Customer Personal Data. vCom may update Section 3 from time to time as vCom reasonably considers necessary to reflect the Processing and meet any applicable requirements of the CCPA or Data Protection Law. 
  4. Each Party shall comply with its respective obligations under the CCPA and Data Protection Law concerning the Processing of Customer Personal Data. 

3. DATA PROCESSING DETAIL

a. Data Subjects.  Customer may submit Customer Personal Data to vCom, the extent of which is determined and controlled by Customer in its sole discretion, and which may include Customer Personal Data relating to the following categories of data subjects: 

    i. Customer’s Authorized Users, employees, contractors, agents, or representatives;

b. Categories of Data.  Customer may submit Customer Personal Data to vCom, the extent of which is determined and controlled by Customer in its sole discretion, and may include the following categories of Customer Personal Data: 

    i. As to Customer’s Authorized Users, employees, contractors, agents, or representatives,contact details of the individual, which may include:name, job title, telephone number, business physical or mailing address, email address, or user IDs.   

c. Nature, Subject Matter, and Purpose of Processing.  The objective of Processing of Customer Personal Data by vCom is the performance of the Services pursuant to the Agreement. vCom shall only process Personal Data in accordance with Customer’s instructions.  

d. Duration of Processing.  Subject to Section 9 (Return or Deletion of Customer Personal Data After Termination) of this Addendum, vCom will process Customer Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing.  

4. vCom PERSONNEL 

vCom shall use commercially reasonable measures to ensure that vCom personnel who may Process Customer Personal Data (I) comply with vCom’s technical and organizational security measures, including ensuring that they are subject to appropriate confidentiality obligations, and (ii) Process Customer Personal Data only as instructed by the Customer or as otherwise required by applicable law. 

5. SECURITY

  1. vCom shall implement commercially reasonable technical and organizational measures to ensure an appropriate level of security for Customer Personal Data, including, as appropriate, the measures referred to in Article 32(1) of the GDPR. In assessing the appropriate level of security, vCom shall take into account the risks of Processing Personal Data, in particular from accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, Personal Data.  
  2. Adherence to an approved certification mechanism will be sufficient to demonstrate vCom’s(or a Subprocessor’s) compliance with its security obligations under this Addendum.  

6. SUBPROCESSING

  1. Customer authorizes vCom to appoint Subprocessors or Third Parties in accordance with this Section 6 and any restrictions in the Agreement. vCom may continue to use those Subprocessors or Third Parties already engaged at the date of this Addendum, subject to vCom’s compliance with the obligations set out in Section 6(c) with respect to such Subprocessors or Third Party. 
  2. vCom shall maintain a list of its Sub-processors or Third Parties, which may be updated from time to time. If you would like to subscribe to the current list of our Sub-processors or Third Parties with whom we share personal information, you may sign up here. Under California law, such Sub-processors may also be known as a Third Party. 
  3. vCom shall ensure that each Subprocessor is governed by a written contract that imposes data protection obligations at least as protective as those of this Addendum.

7.DATA SUBJECT REQUESTS

  1. Taking into account the nature of the Processing,vCom shall implement processes and maintain procedures to enable Customer to fulfill its obligations under the Data Protection Law to respond to Data Subject or Consumer Requests. 
  2. If vCom receives a request directly from a Data Subject or Consumer under the Data Protection Law with respect to Customer Personal Data, then to the extent legally permissible, vCom will advise the Data Subject or Consumer to submit his or her request to Customer or Business, and Customer/Business will be responsible for responding to any such request. For California consumers, any such request will be handled by vCom within accordance of applicable law.

8. PERSONAL DATA BREACH

  1. vCom shall notify Customer without undue delay upon vCom’s confirmation of any Personal Data Breach affecting Customer Personal Data. 
  2. vCom shall provide Customer with information regarding such Personal Data Breach as required by the Data Protection Law. 
  3. vCom shall use commercially reasonable efforts to: (i) identify the cause of such Personal Data Breach; and (ii) remediate the cause of such Personal Data Breach within vCom’s systems, to the extent such remediation is within vCom’s reasonable control. 
  4. The obligations of this Section 8 will not apply to Personal Data Breaches caused by Customer or its personnel. 

9. RETURN OR DELETION OF CUSTOMER PERSONAL DATA AFTER TERMINATION

  1. Customer may request the return or deletion of Customer Personal Data as provided in Section 7(h) (Return and Retention of Data) of the Terms.
  2. vCom and any Subprocessor may retain Customer Personal Data (i) to the extent necessary to comply with applicable law (including but not limited to tax or regulatory authority audit requirements), (ii) to respond to support requests, and (iii) in backups and historical archives in accordance with vCom’s standard backup and archival procedures (unless prohibited by the Data Protection Law and provided that all Customer Personal Data will continue to be subject to this Addendum until deleted). 

10. AUDIT RIGHTS

Upon written request, vCom shall make available to Customer all information reasonably necessary to demonstrate compliance with this Addendum. If Customer reasonably considers the information made available to Customer as insufficient to demonstrate compliance with this Addendum, then vCom will allow an audit by Customer (or its designated appointees) with respect to vCom’s processing of Customer Personal Data. Any such audit shall be conducted remotely (unless otherwise required by a supervisory authority), and in accordance with vCom’s reasonable security requirements. Customer shall reimburse vCom for any time expended by vCom for the audit at vCom’s then-current professional services rates. Prior to audit commencement, Customer and vCom shall mutually agree upon the scope, timing and duration of the audit. Customer shall promptly notify vCom of any non-compliance discovered during the audit. All results of the audit shall be subject to the confidentiality obligations of the parties under the Terms and Data Protection Law. 

11. CALIFORNIA CONSUMER PRIVACY ACT OF 2018

vCom is a Service Provider as defined in CCPA Section 1798.140(v), and Customer (or “Business”) discloses certain Personal Data to vCom solely for a valid business purpose and for vCom to perform the contracted services. vCom is prohibited from selling personal data, retaining, using or disclosing Personal Data for a commercial purpose other than providing the services, or retaining, using, or disclosing Personal Data outside the Agreement between vCom and Customer. vCom certifies it understands and will abide by these regulations.  

12. GENERAL PROVISIONS

Except as amended by this Addendum, the Terms remain in full force and effect. This Addendum shall automatically expire on the termination or expiration of the Agreement, except with respect to any Customer Personal Data retained by vCom after such termination or expiration. 

To the extent that vCom processes Personal Data in the course of providing the Services, each party acknowledges that, for purpose of these Data Protection Laws, Customer is the Controller (or the Business) of the Personal Data and vCom is the Processor (or Service Provider). For avoidance of doubt, Customer will assume the role of Controller/Business for any and all Personal Data that it collects and processes which is not Personal Data collected and processed by vCom on behalf of  Customer.