OpenEnvoy is the data controller in relation to the personal information we process in connection with our websites (including job applications submitted through our websites) and is primarily responsible for how our website users’ personal information is processed. OpenEnvoy is the data processor in relation to the personal information we process in connection with our products and services and we process such information only on behalf of and upon the instruction of the relevant customer.
We may collect information about a variety of individuals who interact with OpenEnvoy, including visitors to our websites, our customers as well as their employees or contractors, and others.
We may collect information about individuals:
In this section, we set out the purposes for which we process personal information and identify the legal grounds on which we rely to process the information.
In some cases, OpenEnvoy has a legitimate interest to process the personal information that we collect, such as to support our recruitment activities, administer our products and services (including to support, communicate about, and analyze the use of our products and services), establish and maintain customer accounts, and operate, evaluate, and improve our business, our websites, and other products and services we offer (including research and development of new products and services), or facilitate a sale of assets or merger or acquisition.
In other cases, OpenEnvoy processes personal information to fulfill our contracts with our customers and provide the requested products and services.
OpenEnvoy may also process personal information with individuals’ consent, for which individuals will receive notice at the time of collection.
In limited situations, it may be necessary for OpenEnvoy to process personal information in order to comply with our legal obligations, such as to protect against, identify, investigate, and respond to fraud, illegal activity (such as incidents of hacking or misuse of our websites, products or services), claims and other liabilities, including by enforcing the terms and conditions that govern the services we provide.
We may also aggregate and/or de-identify any information that we collect, such that the information no longer identifies any specific individual. We may use, disclose, and otherwise process such information for our own legitimate business purposes – including historical and statistical analysis as well as business planning – without restriction.
In addition, we may share personal information to comply with legal and regulatory requirements to protect against and prevent fraud or illegal activity (such as identifying and responding to incidents of hacking or misuse of our websites, products or services), claims, and other liabilities.
We, our service providers, and our business partners may collect certain information about the use of our website by automated means, such as cookies, web beacons, and other technologies. A “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected devices to uniquely identify the visitor’s browser or store information or settings in the browser. Please see our Cookies Policy for further information. A “web beacon,” also known as an Internet tag, pixel tag, or clear GIF, is used to transmit information back to a web server. We, and our service providers and business partners, may collect information about individuals’ online activities over time and across third-party websites when an individual uses our website.
Some of the business partners that collect information about users’ activities on our websites may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior for purposes of targeted advertising. For example, users may opt-out of receiving targeted advertising on websites through members of the Network Advertising Initiative or the Digital Advertising Alliance. European users may opt-out of receiving targeted advertising on websites through members of the European Interactive Digital Advertising Alliance, selecting the user’s country, and then clicking “Choices” (or similarly-titled link). Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked above.
Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, we do not respond to web browser-based DNT signals at this time.
Our retention periods for personal information are based on business needs and legal requirements. We retain personal information for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible related purpose. When we no longer need the personal information we collect, we either irreversibly anonymize the information (in which case, we may further retain and use the anonymized information) or securely destroy the information.
Individuals have certain rights and may make certain choices regarding OpenEnvoy’s processing of their personal information.
Please note that if the exercise of these rights limits our ability to process personal information, we may be precluded from providing our products or services to individuals who exercise these rights, or from otherwise engaging with such individuals going forward.
We reserve the right to verify the identity of the individual in connection with any requests regarding personal information to help ensure that we provide the information to individuals whom the information pertains to and allow only those individuals or their authorized representatives to exercise rights with respect to that information.
You can make choices about OpenEnvoy’s collection and use of your data. How you can access or control your personal data will depend on which Sites or Services you use.
To the extent provided by applicable law, individuals may withdraw any consent previously provided to us or object at any time on legitimate grounds, to the processing of their personal information. We will apply these preferences going forward. In some circumstances, withdrawing consent to OpenEnvoy’s use or disclosure of personal information may mean that OpenEnvoy will no longer be able to provide certain products or services to individuals who withdraw consent.
Individuals may request access to the personal information OpenEnvoy maintains about them. If we grant this request, we will provide the individual with a copy of the personal information we maintain about them in the ordinary course of business, in a commonly used format. Individuals may request to correct any errors in their personal information. We may reject such requests to access or correct personal information, as permitted by applicable law. If we reject such requests, we will notify the requester of the reason(s) for the rejection.
Individuals may request that we delete their personal information. We may reject such requests, as permitted by applicable law. If we reject such a request, we will notify the requester of the reason(s) for the rejection.
Individuals may unsubscribe from receiving marketing or other commercial emails from OpenEnvoy by following the instructions included in the email or by contacting OpenEnvoy using the contact information below. However, even if an individual opts out of receiving such communications, we retain the right to send them non-marketing communications (such as changes in our website terms).
OpenEnvoy maintains reasonable administrative, technical, and physical safeguards designed to protect the personal information we maintain against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure, or use. However, we cannot guarantee that the measures we maintain will ensure the security of personal information.
We may provide links to websites and other third-party content that are not owned or operated by OpenEnvoy. The websites and third-party content to which we link may have separate privacy notices or policies. OpenEnvoy is not responsible for the privacy practices of any entity that it does not own or control.
This section provides information regarding Californian residents’ rights under the California Consumer Privacy Act (CCPA). The CCPA provides rights to California consumers to be notified about the collection, use and sale of their personal information, their right to request access to their personal information, request to opt out of the sale of personal information, request for deletion of personal information and the right to non-discrimination for exercising these rights.
You have a right to know about personal information OpenEnvoy has collected, used, or disclosed about you in the last 12 months. We do not sell personal information. You may exercise your rights allowed to you under the CCPA by completing and submitting this form here or by emailing to firstname.lastname@example.org. We may ask you to verify your identity prior to us fulfilling your request.
OpenEnvoy’s participation in the Privacy Shield applies to all personal data that is received from the European Union and Switzerland. OpenEnvoy will comply with the Privacy Shield Principles in respect to such personal data.
The types of personal data received by OpenEnvoy in the course of it providing its subscription service to a customer typically include names, addresses, email, network files (such as Expense Receipts, Microsoft Word, PowerPoint, Excel docs), HR Information, Supplier Address, Supplier Contact, Supplier Payment Information and image files. All data received by OpenEnvoy including personal data will be preserved in its original state throughout processing.
EU & Swiss individuals whose data has been transferred into the United States have the right to access that data. If OpenEnvoy holds this data in its capacity as a data processor, any individual requests for access will be referred to our appropriate customer, who is the controller of that data. If you are an EU or Swiss individual who wishes to exercise this right and you either do not know who your controlling data entity is, or you are unable to reach them, please refer to the “How To Contact Us” section of this policy below and we will assist you in locating the correct party.
We may be required to disclose an individual’s personal data in response to lawful requests from public authorities including to meet national security and law enforcement requirements.
OpenEnvoy will only use the data it receives from a customer for the specific purposes outlined in our agreement with that customer.
OpenEnvoy may share data with agent third parties. For more information on this data sharing practice, please refer to the “How we share personal information” section above.
OpenEnvoy remains liable for the onward transfer of EEA and Swiss personal data in accordance with the Privacy Shield Principles, including the onward transfer liability provisions. Whenever we transfer your personal information out of the EEA to countries not deemed by the European Commission to provide an adequate level of personal information protection, or out of Switzerland, the transfer will be based on one of the following safeguards recognized by the European Commission as providing adequate protection for personal information, where required by EU data protection legislation:
Contracts approved by the European Commission which impose data protection obligations on the parties to the transfer. For further details, see EU Model Clauses for the transfer of personal information to third countries. For transfers to third parties in the United States, ensuring they participate in the EU-U.S. Privacy Shield Framework or Swiss-US Privacy Shield Framework. Please contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA or Switzerland.
In compliance with the Privacy Shield Principles, OpenEnvoy commits to resolve complaints about our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding our data privacy practices should contact here.
OpenEnvoy has further committed to refer unresolved Privacy Shield complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU Privacy Shield. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. The services of BBB EU Privacy Shield are provided at no cost to the individual.
As further explained in the Privacy Shield Principles, an individual has the option, under certain conditions, to invoke binding arbitration for complaints not resolved by any of the other Privacy Shield mechanisms noted above. Click here for more detailed information on binding arbitration provisions.
OpenEnvoy commits to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner and comply with the advice given by the panel or Commissioner with regard to human resources data transferred from the EU or Switzerland in the context of the employment relationship.
317 South 6th
Las Vegas, NV 89138
Effective date: September 1, 2020.
Customize your cookie settings by going to the Cookie Preference Center
Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating web domain on your subsequent visits to that domain. Most web pages contain elements from multiple web domains so when you visit the website, your browser may receive cookies from several sources.
Cookies are useful because they allow a website to recognize a user’s device. Cookies allow you to navigate between pages efficiently, remember preferences and generally improve the user experience. They can also be used to tailor advertising to your interests through tracking your browsing across websites.
Session cookies are deleted automatically when you close your browser and persistent cookies remain on your device after the browser is closed (for example to remember your user preferences when you return to the site).
We describe the categories of cookies OpenEnvoy and its service providers or business partners use at the Cookie Preference Center. You can customize your cookie settings there.
Furthermore, some parties that set cookies via our site may offer the ability to opt-out of cookies via the Network Advertising Initiative’s consumer opt-out tool, the European Interactive Digital Advertising Alliance’s consumer opt-out tool, or the Digital Advertising Alliance’s Consumer Choice Page.
Please note that this Cookies Policy does not apply to, and we are not responsible for, the cookie practices of third party websites which may be linked to this Website.
We may update this Cookies Policy and we encourage you to review the policy from time to time to stay informed of how we are using cookies.
This Data Processing Addendum (hereinafter “DPA”) is effective as of the “Effective Date” specified on the executed Order Form that incorporates this DPA by reference. This DPA is between the Customer (the “Controller”) and OpenEnvoy Inc (“OpenEnvoy”) having its offices at 317 South 6th, Las Vegas NV 89101. The Controller and OpenEnvoy are individually referred to as a “Party” and collectively as the “Parties”. This DPA supplements the OpenEnvoy Services Agreement between the Parties (“Agreement”) under which the Processor provides the Controller software and other services (the “Services”).
The Parties seek to implement this DPA in order to comply with the requirements of GDPR (defined hereunder) in relation to Processor’s Processing of Personal Data as part of its obligations under the Agreement. The terms “Process”, “Processing” and “Personal Data” used in this DPA shall have the same meaning as defined in the GDPR.
This DPA shall apply to OpenEnvoy’s processing of Personal Data, whether provided by the Controller or its data subject (the “Subject”) or/and its affiliates, its end users or otherwise, as part of OpenEnvoy’s obligations under the Agreement.
Except as modified below, the terms of the Agreement shall remain in full force and effect.
Capitalized terms not otherwise defined herein shall have the meaning given to them in the GDPR or the Agreement. The following terms shall have the corresponding meanings assigned to them below:
1.1. “Data Transfer” means (1) a transfer of the Personal Data from the Subject to Controller or to OpenEnvoy on behalf of the Controller; or (2) an onward transfer of the Personal Data from the Controller to OpenEnvoy, or between two establishments of OpenEnvoy, or with a Subprocessor by OpenEnvoy.
1.2. “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
1.3. “Standard Contractual Clauses” means the contractual clauses attached hereto as Schedule 1 pursuant to the European Commission’s decision (C(2010)593) of 5 February 2010 on Standard Contractual Clauses for the transfer of Personal Data to processors established in third countries which do not ensure an adequate level of data protection.
1.4. “Subprocessor” means a processor/ sub-contractor appointed by OpenEnvoy for the provision of all or parts of the Services and who Processes the Personal Data as provided by the Controller and/or OpenEnvoy.
This DPA sets out various obligations of OpenEnvoy in relation to the Processing of Personal Data and shall be limited to OpenEnvoy’s obligations under the Agreement. If there is a conflict between the provisions of the Agreement and this DPA, the provisions of this DPA shall prevail.
The Controller authorizes OpenEnvoy to Process such Personal Data the extent of which is determined and controlled by the Controller. The current nature of the Personal Data is specified in Appendix 1 to Schedule 1 to this DPA.
The objective of Processing of Personal Data by OpenEnvoy shall be limited to OpenEnvoy’s provision of the Services to the Controller/ its Subject, pursuant to the Agreement.
The Controller warrants that it has the right and authority to request OpenEnvoy to Process the Personal Data and that its instructions for the Processing of Personal Data shall comply with applicable data protection laws and regulations. The Controller shall have sole responsibility for the accuracy, quality, and legality of Personal Data, and the means by which the Controller acquired Personal Data.
OpenEnvoy will Process Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing by the Controller.
a. OpenEnvoy will follow written and documented instructions received, including by email, from the Controller, its affiliate, agents or personnel, with respect to the Processing of Personal Data (each, an “Instruction”).
b. The Processing described in the Agreement and the relating documentation shall be considered as Instruction from the Controller.
c. At the Controller’s request, OpenEnvoy will provide reasonable assistance to the Controller in responding to/ complying with requests / directions by Data Subject in exercising their rights or of the applicable regulatory authorities regarding OpenEnvoy’s Processing of Personal Data.
To Process the Personal Data, OpenEnvoy will only use personnel who are (i) informed of the confidential nature of the Personal Data, (ii) actually performing the Services in accordance with the Agreement. Further, OpenEnvoy will maintain appropriate technical and organizational measures for protection of the security, confidentiality and integrity of the Personal Data. For this clause, an email form of communication by the Parties in determining project specific security standards shall be accepted.
a. Upon Controller’s reasonable request, OpenEnvoy will make available to the Controller, information as is reasonably necessary to demonstrate OpenEnvoy’s compliance with its obligations under the GDPR or other applicable laws in respect of its Processing of the Personal Data. When the Controller wishes to conduct the audit (by itself or through a representative) at OpenEnvoy’s site, it shall provide at least fifteen (15) days’ prior written notice to OpenEnvoy; OpenEnvoy will provide reasonable cooperation and assistance in relation to audits, including inspections, conducted by the Controller or its representative.
b. The Controller shall bear the expense of such an audit.
If the Agreement requires Data Transfer for the purpose of Processing by OpenEnvoy from a country in the European Economic Area (the “EEA”) to a country outside the EEA the Parties agree to be bound by the Standard Contractual Clauses. Where the transfer of Personal Data outside of the EEA is required for the performance of the Agreement and such model clauses have not been executed at the same time as the Agreement or this DPA are accepted, the Standard Contractual Clauses shall be deemed in effect for the purposes and duration of the Agreement upon acceptance of the Agreement or this DPA.
a. The Controller acknowledges and agrees that OpenEnvoy may engage third-party Subprocessor(s) in connection with the performance of the Services, provided such Subprocessor(s) take technical and organizational measures to ensure confidentiality of Personal Data shared with them. If Subprocessor(s) do comply with the aforementioned requirement, it will be deemed that the Controller has approved appointment of such Subprocessor(s). In accordance with Article 28(4) of the GDPR, OpenEnvoy shall remain liable to Controller for any failure on behalf of a Subprocessor to fulfill its data protection obligations under the DPA in connection with the performance of the Services.
b. OpenEnvoy shall execute the appropriate written agreements with the Subprocessors in accordance with, and not less protective than, the provisions of this DPA.
c. If the Controller has a concern that the Subprocessor(s) Processing of Personal Data is reasonably likely to cause the Controller to breach its data protection obligations under the GDPR, the Controller may object to OpenEnvoy’s use of such Subprocessor and OpenEnvoy and Controller shall confer in good faith to address such concern.
a. OpenEnvoy shall maintain defined procedures in case of a Personal Data Breach (as defined under the GDPR) and shall without undue delay notify Controller if it becomes aware of any Personal Data Breach, unless such Data Breach is unlikely to result in a risk to the rights and freedoms of natural persons.
b. OpenEnvoy shall provide the Controller with all reasonable assistance to comply with the notification of Personal Data Breach to Supervisory Authority and/or the Data Subject, to identify the cause of such Data Breach and take such commercially reasonable steps as reasonably required to mitigate and remedy such Data Breach.
c. Processor’s notification of or response to a Personal Data Breach under this DPA will not be construed as an acknowledgement by OpenEnvoy of any fault or liability with respect to the data incident.
Within thirty (30) days of the expiration or termination of the Agreement, OpenEnvoy will delete or otherwise destroy all the Personal Data of Controller still in OpenEnvoy’s possession.
Having regard to the state of technological development and the cost of implementing any measure, OpenEnvoy will take appropriate technical and organizational measures against the unauthorized or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to: (a) the harm that might result from unauthorized or unlawful processing or accidental loss, destruction or damage; and (b) the nature of the data to be protected.