ERICOM SOFTWARE PRIVACY NOTICE

(Last updated on 31 January 2024)

INTRODUCTION

On behalf of Ericom Software Ltd. and all of its Affiliates worldwide (“we”, “us”, “our” or “Ericom”) respect your right to privacy. Your ability to make informed choices about the use of your information is important to us. This Privacy Notice (Notice) explains our policy regarding the collection, use, disclosure, and protection of information we receive when you visit our websites, message boards, chat features, and blogs (the “Sites”) and/or use our products and services (collectively, with the Sites the “Services”), as well as your ability to control certain uses of the collected information. “You” means any user of the Sites or Services, as well as any of Ericom’s customers (“Customer”) or End User of any Customer, prospective Customer, End User, event attendee or recipient of our marketing materials.

Please note that capitalized terms have definitions that you can review in our Definitions section below.

This Notice describes the Personal Data we collect, how we use this information, and with whom it is shared. We also let you know how you can exercise your privacy rights and contact us for any questions or concerns.

By using our Services, you are agreeing to the practices described in this Notice and if you have any questions at all about this Notice, please do not hesitate to contact us at privacy@cradlepoint.com.

Ericom Sites may link to third-party websites that are not controlled by us and that do not operate under our privacy practices. When you link to third-party websites, our privacy practices no longer apply. We encourage you to review each third-party’s privacy policy to understand their privacy practices.

PART I: HOW TO CONTACT US FOR QUESTIONS/COMMENTS

We value your opinion. If you have concerns or comments about Ericom’s Privacy Notice or how we handle your Personal Data, please email our Privacy Team at privacy@cradlepoint.com.

Additionally, you can reach our privacy team via postal mail:

Ericom Software Ltd., c/o Regus
Attn: Privacy
28 Dam Hamacabim Street
Modi’in 7178594
Israel

and our registration number is 51-189151-7.

Or you can mail our parent company:

Cradlepoint, Inc.
1100 West Idaho Street, Suite 800
Boise, ID 83702
USA
Attn: Privacy Department

PART II: WHAT DATA WE COLLECT & HOW WE COLLECT IT

When we use the term “Personal Data,” we mean information that identifies, relates to, describes, is reasonably capable of being associated with, linked, directly or indirectly, to an individual. Also, when we use the term “we” or “Ericom” we mean Ericom and/or the Affiliate with whom you or your company are doing business.

When you visit our websites, request a product, Service or register for an event or webinar or reach out to a member of our team or sign up for an account to use our products/Services, or otherwise engage us, we collect certain information.

Website or Mobile App Visitors:

When you visit our websites to learn more about us, register a product license, sign up for a trial demo, register for an event, use our Mobile App or reach out to a member of our team via website chat, we collect certain information to help us manage our relationship with you. The following Personal Data may be collected:

Log Files: We may gather certain information about your device and store it in log files. This information may include but is not limited to Internet Protocol (IP) addresses, system configuration information, browser type and settings, version number, operating system, URLs of referring pages, and locale or language preferences information about your computer or device, including browser type and settings, version number, time zone setting.
Interactions: We may collect your interaction with our websites or mobile apps, including documents downloaded, pages visited, webinar registrations, surveys completed, blogs, comments and feedback on our products.
Requests for More Information and/or Trial Subscriptions and to Register a Product License or Activation Key: We may collect your contact information (such as your name, company, job title, address, telephone number or email address), professional information (such as your employer’s name, address, job title, department or job role). Additionally, we may collect information about products in which you are interested or have purchased, including license keys.
Cookies and other tracking technologies: We may use cookies and other information-gathering technologies for a variety of purposes, such as providing us with information about how you interact with our websites and assisting us in our marketing efforts. For more information about the cookies Ericom uses and your privacy choices, please see our Cookie Policy.
Chat: We may use the information that you provide us in a chat link on our website which may include contact details and other data that you choose to share with us to learn more about our Services.

Prospective Customers, Customers, and Users:

We collect Personal Data about you to provide the Services to your company, our Customer, pursuant to our Terms of Use.

If you interact with our Services, we may receive your Personal Data. When we use the term “End User”, we mean the following (and as further defined in the Definitions section below):

Individuals who are authorized by our Customer to access or use our Customers’ domains, networks, websites, application programming interfaces, and applications;
Customers’ employees, administrative End Users, consultants, agents, or contractors, for whom our Customers have purchased a subscription or otherwise provisioned a Service; and
Individuals to whom Customers (or when applicable, Ericom at Customer’s request) have provided login credentials.

We may collect and process the following Personal Data to provide the Services:

Contact Details: When you register for an account, acquire licenses, purchase software or use and access our Services, we collect your contact information. This may include Personal Data such as your name, company name, Customer id, user id and password, you and your account administrator(s) business email address(es) and/or telephone number, and business postal addresses, your country or region and possibly geolocation if your account administrator has configured our product to collect this information.
Configuration Data: In addition, when you use our Services, we collect information about how you configure your account and our Services. This Personal Data is required to enable your access to your Ericom account and Services purchased by your company, our Customer.
Geolocation Data: If our Customer enables geolocation within our Service, we may collect geolocation data of a device and possibly an End User, in order to provide the Services to our Customer.
Content Data: We may collect electronic data and information transmitted by or on behalf of your company through the use of the Services.
Usage Data: We may collect or process certain data relating to the performance and configuration of the Services, and our Customers’ and their End Users’ consumption of and interaction and use of such Services and other Usage Data. Usage Data is generally technical information obtained from product software or systems hosting the Services, devices accessing these Services and/or log files generated during such use.
General or Sales Inquiry: We may collect or process inquiry and communications information, including information provided in custom messages sent through the forms, in chat messages, to our email addresses, or via phone. This also includes information provided in order to subscribe to any of our newsletters (such as email address) or contact information provided on our Services.
Marketing Data: You may provide us with your contact information and preferences for receiving our marketing communications.
Transaction and Payment Information: We may collect information such as products or licenses purchased, date and time of your transaction, amounts paid, and payment information, such as your credit card and/or bank account information. We use this information to fulfill your purchase and facilitate the usage of our Services.
Technical Support: When our Services encounter an unexpected error, you may be asked to submit a Customer support case, which may contain Personal Data. To assist with service issues, usage data, geolocation information, and device data like serial number and similar device identifiers, settings, language preferences, and software versions may be collected.
Audio or Visual Information: We may collect certain information including recordings of customer service or support calls, for quality assurance and internal training purposes.
Statistical and performance information: Ericom may derive statistical and performance information relating to our Customer’s use of our Services.
Administrative End User Activity: We also maintain logs of users’ activity (e.g., actions taken to configure settings in Customers’ account). Customers may configure the retention and subsequent deletion of their logs as required.

In connection with your organization’s deployment of certain Services, Ericom may automatically collect information in relation to your use of the Services. This Personal Data may include:

End User Usage Data: We may collect or process certain data relating to IP addresses, traffic routing data, system configuration information, and other information about traffic to and from Customers’ websites, devices, applications, and/or networks for the End User. We share this data with our Customers via a service dashboard or other online interfaces.
Metadata: Ericom may collect Personal Data relating to End User behavior including IP address, device ID, username, email address (as associated with the Customer account for authentication purposes), as well as End User network access and browsing activity End User with date and time stamps in order to direct traffic, regulate access, and enforce policies created by Customer and solely at Customer’s instruction and direction and as configured by the administrative End User.
Content Data: Ericom may collect and process Content Data in order to provision certain Services, such as the Remote Browser Isolation product. This may include web traffic data or files downloaded from the internet. If enabled, Ericom will inspect content data for malicious software and remove any malicious activity from these activities. Upon conclusion of the session, all data is deleted.

Customers and their administrative End Users can control the data that is collected, retained and shared with us. We provide information about how our Customers may configure our products to enable Customers to make choices when using our products.

If you are an individual user of Ericom Services and you require more information regarding our data collection practices for Services deployed by your organization, please contact your IT administrator for the Services.

Event Attendees:

If you register and access one of our events, webinars or conferences, we may collect the following information:

Contact Details: We may ask for and collect Personal Data such as your name, company name, address, phone number and email address to register you for an event, webinar or conference; and
Image and voice: We may record your voice and/or image during your participation in reviews of products and contests, surveys, webcasts, and events involving our Services.

Business Partners:

When you collaborate with us a business partner, such as an authorized reseller, distributor, or systems integrator authorized by Ericom to sell Services or partner with us on general business activities, we may collect the following Personal Data from you in order to provide you with access to the Services and manage our relationship with you and your company:

Business Contact Details: Name, email address, signature, address, telephone number;
Commercial Information: Billing and transaction information, including related commercial information, such as records and history of Services purchased or considered for order fulfillment; and
Business Information: Company details including location, Corporate financials, Business insurance or related information.

Learning Management Platform:

As Customer, administrative End User or Business Partner, you may have access to our organizational learning platform. To provide you with trainings, we may collect the following Personal Data:

Contact Details: Name, email address;
History of Trainings: Types of trainings that you have taken and dates you took them; and
Analytics: In certain cases, analytics on efficacy and impact of trainings on Services sold.

Other Ways We May Collect Your Personal Data from Third Parties

Third Party Data: We may also obtain information about you from third party sources unless prohibited by applicable law, such as from public databases, resellers and Channel Partners, marketing partners, social media platforms, event organizers or other publicly available information.

From third-party marketing partners, social media databases and publicly available information – we may receive information such as name, business email address, job role or title, company, business phone number, office location, information about your product or service interests or preferences, page-view information from business partners with which we operate co-branded Services or joint offerings. We may use this information for the purposes set forth in this Notice, such as, for example, improving the accuracy of our records, better understanding you and your preferences, providing relevant marketing and support, and detecting and preventing fraud.

From resellers and/or Channel partners – we may receive information such as name, business email address, job role or title, business phone number, office location, or information about your product preferences, which we use to provide our services to you, such as fulfillment of orders and provisioning of services.

Social Media: When you interact with us through various social media networks, such as Google, Facebook, LinkedIn, Twitter, or other social networks we may receive some information about you.

The interactions can be:

You “like” us on Facebook or
You “follow us” on LinkedIn or
You “share” our content on Twitter or
You “log into” another account via your Social Media account or similar interactions.

The amount and type of information we may receive about you depends on your privacy settings for the sharing of information with third-parties. We may receive the following information:

Your profile information, including but not limited to picture, username, user ID associated with your social media account; and
User characteristics, including age range, gender, language, country, and any other information you permit the social network to share with third parties.

You should always review and, if necessary, adjust your privacy settings on third-party websites and social media networks and Services before sharing information and/or linking or connecting them to other Services.

PART III: HOW WE USE YOUR PERSONAL DATA

Ericom uses Personal Data it collects for the following purposes (unless otherwise restricted by applicable law).

Facilitate the Delivery of the Services: Ericom may use Personal Data to provide you with the Services, to manage your account, and to communicate with you about your use of our Services. This may include managing software downloads, updates and fixes, and sending other administrative or account-related communications, including release notes.
Manage Ericom and its day-to-day business operations.
Facilitate and improve website or mobile applications: Ericom may use Personal Data to provide you with online Services, to facilitate your use of the online Services (such as facilitating navigation and the login process, preserving information between sessions and enhancing security), to improve quality, to evaluate page response rates and personalize and determine helpful content.
Communicate and Respond to Sales and General Requests: Ericom may use Personal Data to communicate with you, respond to your requests or provide information requested by you, notify you about changes to Ericom’s Services, including via email, chat, social media and/or telephone calls.
Improve our Services: Ericom uses Personal Data to better understand our Customers, users and website visitors and the way they use and interact with the Services. Ericom uses this information to provide a personalized experience, to implement the preferences you request, to improve quality and reliability, to diagnose issues with and improve the Services and related user experiences, to make recommendations; and to develop new products to meet our Customers’ changing needs.
Provide Technical Support: Ericom uses Personal Data and other data Ericom collects from you, in combination with other data we may have, in order to provide you with support in relation to provide you with the information, products, and Services that you request from Ericom.
Post Testimonials: Ericom may use Personal Data to post testimonials on its Online Services. Prior to posting a testimonial, we will obtain your consent to use your your name, image and/or voice, and testimonial. You can request your testimonial be updated or deleted at any time by sending a request with your name, testimonial location and contact information to privacy@cradlepoint.com .
Marketing: Ericom will use information it obtains from you, your interactions with Ericom over time and across our Services, and from third party sources to provide you with marketing and promotional communications, to deliver targeted and relevant advertising and marketing to you with your consent, to determine the effectiveness of our marketing and promotional campaigns, to better understand you and your preferences, and to position and promote our Services. Our marketing will be conducted in accordance with your advertising / marketing preferences and as permitted by applicable law.
Events: To communicate with you about our events or our partner events. To register you for and provide you access to events and webinars.
Trainings and Certifications: To provide trainings and certifications through our organizational learning platform.
Security: To help monitor, prevent, and detect fraud, enhance security, monitor and verify identity or access, and combat spam or other malware or security risks.
Legal: To enforce our Terms of Use, to resolve disputes, to conduct our legal obligations and enforce our rights, and to protect our business interests and the interests and rights of third parties. To prevent, investigate, or provide notice of fraud or unlawful or criminal activity, including compliance with law enforcement requests.
Account Administration: Ericom may also use Personal Data to track entitlements, verify compliance, control access to the Service, and maintain the security and operational integrity of the Ericom infrastructure and our Services.
Contract Management: To carry out our obligations arising from any contracts entered between you and Ericom.
Improve the Accuracy of our Records: We may use the Personal Data we receive from you or third parties to better understand you and/or maintain and improve the accuracy of the records we hold about you.
For any other lawful purpose, or other purpose to which you consent.

PART IV: HOW AND WITH WHOM WE SHARE YOUR DATA

We take care to allow your Personal Data only to be accessed by those who really need it in order to perform their tasks and duties, and to share it with others who have a legitimate reason for accessing it. We may share Personal Data with:

Affiliates: We may share your information with our subsidiaries and entities that we directly or indirectly control and our parent companies, Cradlepoint, Ericsson and its affiliates, subsidiaries and/or entities that it directly or indirectly controls or are controlled by.

Click here for more information about Cradlepoint’s privacy practices.
Click here for more information about Ericsson’s Privacy Policy and Binding Corporate Rules.

This information may be shared with our Affiliates to provide Services and support, provide recommendations to optimize product and service use, to provide Customers and prospective Customers with information about the range of available Services, and for the purposes otherwise described in this Notice. Please see the Subprocessor List below for a complete list of Affiliates.

Customers: Your Employer / Company: If you interact with our Services through your employer or company, we may disclose your information to your employer or company, including another representative of your employer or company.

Business Partners: We may provide your information to our business partners to fulfill product and information requests, to effectively deliver unified support, and to provide Customers and prospective Customers with information about Ericom and its Services. From time to time we may enter into certain select marketing relationships with advertisers and other business partner that provide products or Services that we believe may be of interest to users of the Services. If you purchase or specifically express interest in a jointly-offered product, promotion or service, we may share relevant Personal Data with those partners.

Service Providers: Agents, vendors, consultants and service providers (sub-processors) that act on our behalf to support our Services, such as technology Services (e.g. web hosting, infrastructure provisioning and operational Services) or payment card Services (e.g. processing Customer payments on our behalf) subject to confidentiality obligations set out in the executed contracts with the service providers. We contractually prohibit our service providers from retaining, using, or disclosing information about you for any purpose other than performing the Services for us. Additional information about the sub-processors we use to support our service delivery can be found below.

List of Subprocessors

Subprocessor	Purpose	Location(s)
DataDog	Operational Monitoring	United States
Oracle Cloud Infrastructure (OCI)	Service Delivery (Cloud infrastructure provider)	Region configurable by customer: United States, Australia, Brazil, Canada, Dubai, Germany, India, Israel, Italy, Japan, Republic of Korea, Saudi Arabia, Switzerland, Sweden, United Kingdom, Singapore, France, Mexico, Spain, South Africa
Amazon Web Services, Inc.	Service Delivery (Cloud infrastructure provider)	United States, Israel, Japan, Canada
Salesforce	Customer Relationship Manager (“CRM”)	EU – Germany and France
Atlassian	Ticketing system, operational monitoring and documentation	United States
Amazon S3	Service Deliver (object store)	United States, United Kingdom, Germany
Amazon S3	Customer log shipping	Per customer request: United States, United Kingdom, Germany, India, Italy, Israel
Pager Duty, Inc.	Customer Support Engagement	United States
Amazon Aurora	Service Delivery (db)	United Kingdom, United States
Kafka	Service Delivery (message queues)	United States, United Kingdom, Germany
SASA	Service Delivery (CDR engine)	Israel, United Kingdom
Google DLP	Service Delivery (DLP engine)	Multi-Region – Europe
Elastic Search	Troubleshooting logs	United States, United Kingdom, Germany
Status Cake	Operational Monitoring	United Kingdom
Authorize.net (Subsidiary of Visa)	Customer Payment Processing	United States, Singapore, Australia, United Kingdom
Paypal	Customer Payment Processing	United States, United Kingdom, Luxembourg

Depending upon location, Cradlepoint may also use one or more of the following Affiliates as Sub-processors.

Affiliate Entity	Purpose	Country Location(s)
Cradlepoint Australia Pty. Ltd.	Maintenance & Support	Australia
Cradlepoint S.R.L.	Maintenance & Support	Italy
Cradlepoint Canada Inc.	Maintenance & Support	Canada
Cradlepoint GMBH	Maintenance & Support	Germany
Cradlepoint B.V.	Maintenance & Support	Netherlands
Cradlepoint Singapore Pte. Ltd.	Maintenance & Support	Singapore
Cradlepoint UK, Ltd.	Maintenance & Support	United Kingdom
Cradlepoint De España SL.	Maintenance & Support	Spain
Cradlepoint Sweden AB	Maintenance & Support	Sweden
Cradlepoint France S.A.S	Maintenance & Support	France
Cradlepoint Mexico	Maintenance & Support	Mexico
Cradlepoint South Africa	Maintenance & Support	South Africa
Cradlepoint India	Maintenance & Support	India
Cradlepoint Japan	Maintenance & Support	Japan
Cradlepoint Malaysia	Maintenance & Support	Malaysia
Ericom Software Ltd.	Maintenance & Support	Israel
Ericom Software UK Ltd.	Maintenance & Support	United Kingdom
Ericom Software Inc.	Maintenance & Support	United States
Ericsson A.B.	Maintenance & Support	Sweden
Ericsson Inc.	Maintenance & Support	United States

Advertising Partner or Marketing Services (e.g., marketing providers to update you about our Services): We work with third-party ad networks and advertising partners to deliver advertising and personalized content on our Services, on other websites and Services, and across other devices. These parties may collect information directly from a browser or device when an individual visits our Services through cookies or other data collection technologies. This information is used to provide and inform targeted advertising, as well as to provide advertising-related Services such as reporting, attribution, analytics, and market research. Please see our Cookie Policy for more information.

Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition, dissolution, corporate reorganization or similar event. We will inform any buyer that your information shall only be used in accordance with this Privacy Notice.

Legal Requirements: We may share or transfer your information to comply with laws or the requirements of any competent law enforcement body, regulatory body, government agency, court or third party. We may disclose information where we believe disclosure is necessary or required (i) by law or regulation, in order to comply with legal process or government requests (including in response to public authorities to meet national security or law enforcement requirements); or (ii) to exercise, establish or defend our legal rights.

Aggregated/ De-identified Information: We may aggregate and/or de-identify any information collected through the Services so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). Aggregate/De-Identified Information may be used to determine the demographic composition of our user base and to distribute statistics and general marketplace information about Ericom. We may use, transfer, or disclose Aggregate/De-Identified Information for any purpose, including to describe the Services to prospective partners and other third parties and for other lawful purposes.

With your consent: We may disclose Personal Data for any other purpose with your consent. For example, with your consent or direction, we may post your testimonial on our Sites or service-related publications.

PART V: SECURITY AND RETENTION

Security

Ericom maintains (and also requires its service providers to maintain) reasonable and appropriate organizational and technical measures to protect the security and confidentiality of any Personal Data we process. For example, Ericom employs physical access controls, encryption, Internet firewalls, intrusion detection and network monitoring depending on the nature of the information and the scope of processing. Ericom staff who may have access to Personal Data are required to keep that information confidential. However, no security procedures or protocols are ever guaranteed to be 100% secure and so we encourage you to take care when disclosing Personal Data online.

Please note that no service is completely secure. While we strive to protect your data, we cannot guarantee that unauthorized access, data loss or a data breach will never occur.

Security measures you can take: Cloud services follow a shared responsibility model where the Cloud Service Provider is responsible for the security of the service, while the Customer is responsible for the security of their use of the service. There are best practices that you can do to secure your account, such as enabling two-factor authentication for your account. Additionally, you must keep your account secure with a confidential password and not disclose them publicly or to unauthorized individuals — this includes accidentally distributing them in source code or shared repositories. Please let us know right away if you think your password or account was compromised or misused.

Similarly, if you provision an API Key, you should keep your secret, well… secret. You should store your API Key, Account SID, and secret in a secure location.

How we use Personal Data Personal Data for security purposes

We may collect and use Customer Data or Customer Usage Data to detect, prevent, or investigate security incidents, fraud, or abuse and misuse of our platform and Services. In addition, we also use records containing End User Personal Data to debug, troubleshoot, or investigate security incidents; to detect and prevent spam or fraudulent activity; and to detect and prevent network exploits and abuse. We may anonymize Personal Data and use it for our legitimate business needs.

Retention

We keep your Personal Data to enable your continued use of Ericom Services, for as long as it is required in order to fulfill the relevant purposes described in this Privacy Notice, or as may be required by law (including for tax and accounting purposes), or as otherwise communicated to you. How long we retain specific Personal Data varies depending on the purpose for its use, and we will delete your Personal Data in accordance with applicable law.

If you have any questions about the security of your Personal Data or our retention practices, please contact us at privacy@cradlepoint.com.

PART VI: YOUR PRIVACY RIGHTS AND CHOICES

At Ericom, we believe that you have choices about the information that pertains to you or your business. We give you with choices to manage the privacy of your Personal Data that is under our control, wherever you are located. You can update your preferences or request the following:

Data Access: In certain instances, to request that we provide you with a copy of the Personal Data we hold about you.
Data Deletion/Right to be forgotten: In certain instances, to request that we delete or remove Personal Data.
Data Correction: In certain instances, to correct incomplete or inaccurate data we hold about you.
Object to processing: In certain instances, to object to our processing if you feel it impacts your fundamental rights and freedoms in cases we rely on our legitimate interest (or those of a third party).
Data Portability: In certain instances, to request the transfer of your Personal Data to you or to a third party in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Consent for sensitive data: As our potential Customer, a consumer, we only process your sensitive data after you have given us your free, specific, informed and unambiguous consent.
Withdraw your Consent: Where we previously obtained your consent, to withdraw consent to continued processing of your Personal Data. However, this will not affect the lawfulness of any processing completed before you withdraw your consent.
Opt-out of sales or sharing: To request that we do not “sell” or “share” your Personal Data as “sell” and “share” are explicitly defined under relevant U.S. state law as further discussed in the U.S. Privacy Law Notice below.
Cookies and other tracking technologies: To opt out of interest-based advertising and profiling by selecting only necessary cookies in our cookie banner and as further discussed in the U.S. Privacy Law Notice below.
Do not track: To opt out of targeted advertising with your browser’s “Do Not Track” settings concerning targeted advertising. Ericom supports the Global Privacy Control setting.
Email Communications Preferences: To stop receiving promotional email communications from us, please click on the “unsubscribe” link provided in such communications. You may not opt-out of Services-related communications (e.g., account verification, transactional communications, changes/updates to features of the Services, technical and security notices).
Push Notifications: To stop receiving push notifications from us, please change your preferences in the iOS or Android notifications settings menu.

Nondiscrimination: You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as denying you our Services; increasing the price/rate of the Services; decreasing service quality; or suggesting that we may penalize you as described above for exercising your rights.

Requests if we are the Controller of your Personal Data: If we are the Controller of your Personal Data (for example, you are a prospective Customer or visitor to our website) and wish to exercise these rights, please submit an email to privacy@cradlepoint.com with the following information:

Full Name
Associated Email
Request Type (Access, Deletion, Correct/Update, Stop Processing Data or Other Privacy Inquiry)
In what capacity you have interacted with us (ie. Customer, Employee, Job Applicant, Marketing Contact, etc.)
Country of Residence
Any additional request details that you wish to provide.

If Ericom acts as the Data Controller, we may need to verify your identity and authority to make the request and confirm the Personal Data relates to you and/or your household (as applicable) before responding to your Privacy Rights request. Please also be aware that Ericom may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so.

Requests if we are a Processor of Your Personal Data: If we are a Processor of your Personal Data with respect to provision of Services (for example, you are an End User of our products or employee of our Customer), we do not have control over your Personal Data and you will need to reach out to our Customer (the Controller, which could be your employer) to exercise your privacy rights.

Right to Appeal. If we do not take action on your Privacy Rights request within the legally required response period, we will inform you in writing of the reasons for not taking action, as well as provide an explanation of any rights you have to appeal the decision.

File a complaint. You have the right to file a complaint about our collection and processing of your Personal Data with your country’s supervisory authority or with your US State Attorney General.

If you have a complaint, we would appreciate the chance to talk with you about your concerns. Please reach out to us first at privacy@cradlepoint.com.

PART VII: GDPR AND US PRIVACY LAW

You should be aware that data privacy laws can vary in different jurisdictions where Ericom operates and has employees. Our intent is to comply with all local laws, but where local laws are stricter or different than described in this Notice, we have adopted the privacy practices to satisfy those stricter requirements. Where local laws are less strict than this Notice, the terms described in this Notice will apply. Additional notices may apply to you based upon the regulations that apply to your country or US state of residence.

GENERAL DATA PROTECTION REGULATION (GDPR)

If you are a resident of the European Economic Area (EEA) or the United Kingdom (UK):

This Privacy Statement applies to Personal Data collected and/or used by Ericom while acting in the capacity of a Data Controller, as defined in the European Union’s (EU) General Data Protection Regulation 2016/679, the “EU GDPR” or, where applicable, the “United Kingdom (UK) GDPR” (as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the UK European Union (Withdrawal) Act 2018), as amended and supplemented from time to time (together, herein referred to as the “GDPR”):

Data Controller and Data Processor

Certain data protection laws, including the GDPR, differentiate between “controllers” and “processors” of Personal Data. A Data Controller decides why and how to process personal information. A Data Processor does not make decisions about Personal Data and only processes personal information on behalf of a controller based on the controller’s instructions.

Ericom is the Data Controller and responsible for the Personal Data it collects and processes in the role of the Data Controller. For instance, Ericom is the Data Controller for its marketing data, Customer contact information, and its employee and contractor data. Ericom may also be a Controller when developing products and new features and providing customer support and fraud prevention. For purposes of the GDPR, the Data Controller is Ericom Software Ltd., c/o Regus, 28 Dam Hamacabim Street, Modi’in 7178594 Israel..

Our Customers are the Data Controllers for any Personal Data related to them and the parties they allow to use our Services.

Generally, Ericom is the Data Processor for the Services it performs for its Customers. When acting as a Data Processor, we only process Personal Data at the instruction of our Customers.

If you are an End User of an Ericom Customer, this Privacy Notice does not apply to the services that our Customers provide to their End Users. Our Customers have their own policies regarding the collection, use, and disclosure of the personal information of their End Users. If you are an End User of one of our Customers and want to learn about how that Customer handles your personal information, we encourage you to read the Customer’s privacy policy. Only the Customer can assist you with requests for access or deletion.

International Personal Data Transfers

Ericom is an Israeli based company with global Affiliates. It was recently acquired by Cradlepoint, a US-based subsidiary of the Swedish telecommunication company Ericsson. We primarily store your information in the United States, the United Kingdom and Israel. To facilitate our global operations, we may transfer and access such information from around the world, including from other countries in which Ericom or its Affiliates have operations for the purposes described in this Policy.

Data Transfers from EU/Switzerland: When we transfer Personal Data from the EU, Switzerland, or UK to any other country, we will do so according to an adequate mechanism of transfer as required by applicable laws or regulations.

Data Privacy Framework: Ericom Software, Inc. has certified to the US Department of Commerce that it complies with the EU-US/UK/Swiss Data Privacy Framework Principles (the “DPF”) with regards to processing of Personal Data from EU/UK and Swiss data subjects. To learn more about the Data Privacy Framework (DPF) program, and to view the Ericom certification, please visit https://www.dataprivacyframework.gov/. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.

Data Transfers from the UK: Ericom Software, Inc. has also Self-Certified its compliance pursuant to the United Kingdom Extension to the EU-U.S. DPF; however, Ericom will also continue to rely on other permitted mechanisms to transfer data from the UK, and will continue to employ those mechanisms even after the UK’s anticipated adequacy regulations implementing the data bridge for the UK Extension to the EU-U.S. DPF enter into force.

Liability: Ericom may use third-party service providers, contractors, and sub processors to assist in providing the Services on our behalf. Ericom maintains contracts with these third parties restricting their access, use, and disclosure of personal information in compliance with our Data Privacy obligations, and Ericom may be liable if we fail to meet those obligations and we are responsible for the event giving rise to the damage.

Requirement to disclose: Ericom may be required in certain circumstances to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Enforcement: With respect to Personal Data received or transferred pursuant to the Data Privacy Frameworks, Ericom Software, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

Inquiries and complaints: Ericom Software, Inc. commits to make all reasonable efforts to resolve complaints about our collection or use of your Personal Data within forty-five (45) days of receiving your complaint. European Union, UK or Swiss employees with inquiries or complaints regarding this privacy policy should first contact us at: privacy@cradlepoint.com.

Unresolved Complaints and Binding Arbitration: If you have an unresolved concern or complaint about our handling of Personal Data under the DPF that we have not addressed satisfactorily, we have committed to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), and the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC).

To learn how to submit a complaint review the DPF website. In addition, under certain conditions, more fully described on the DPF website, EU, UK and Swiss Data Subjects may invoke binding arbitration for non-monetary issues when other dispute resolution procedures have been exhausted.

For more information on the Data Privacy Framework, please visit the U.S. Department of Commerce’s Privacy Data Privacy Framework website.

Legal basis for processing Personal Data. Under the EU and UK GDPR, as a Data Controller, we may process your Personal Data with one or more of the following legal bases:

Performance of a Contract. We may process your personal data when it is necessary for the performance of a contract to which you are party, or to take steps at your request prior to agreeing a contract. This applies to any processing where you sign a contract with us, for example when you become our Customer, participate in our Affiliate or Channel Partner program, or deliver Services to us as a vendor or contractor. As part of the Services we provide to you under our contract with you, we may process your Personal Data to detect, prevent, or otherwise address fraud, security or technical issues, including by monitoring and enforcing compliance with our terms of use, appropriate use policies, and privacy policies.

For our Legitimate Interest: As part of running our business we have a legitimate interest to process Personal Data where such interest is not overridden by your interests or fundamental rights and freedoms. This includes, but is not limited to, the following processing activities:

Communications: To manage our relationship with Customers and business partners, such as responding to product or service inquiries, providing Customer service and, notifications about changes in our terms or privacy policy;
Use our Services: To debug, optimize and evaluate how our Services and products can be improved;
Marketing to existing Customers (apart from scenarios where you have consented to marketing): To find, customize, and offer Services we hope you find useful and relevant, i.e., provide you with excellent Customer service;
Marketing to prospective B2B Customers: To understand our Customers and their needs for our services. We try to learn how our Customers use our products and how we could improve our products to better meet our Customers’ needs;
Sharing Personal Data with our service providers (i.e. subprocessors): To run our business efficiently and securely;
Fraud: To prevent fraud, danger or other unlawful conduct, and to defend our legal interests; and
Corporate data: To run our corporation we process data within our internal departments, including accounting and tax filing, managing our workforce and complying with regulatory obligations.

With your consent: We may rely on consent to process your Personal Data, for example when you sign up for our newsletters or events, request a demo, start a free trial or a download, or submit a survey. We also rely on your consent for using cookies and other technologies on our website when you explicitly agree to these. Note that your default setting depends on your location (country), as the rules for using such technologies vary across jurisdictions.

Legal Obligations: We are subject to certain legal obligations. We may process your Personal Data for any processing where we need to comply with laws and regulations related to bookkeeping, accounting, taxation, employment, and other business activities (e.g., a legal requirement to maintain certain business records for a set amount of time).

Your GDPR Privacy Rights and Choices

See the Ericom Global Privacy Notice, Part VI: Your Privacy Rights and Choices.

UNITED STATES PRIVACY LAW NOTICE

If you reside (and depending on where you reside) in the United States, you may also have additional legal rights with respect to your Personal Data. This Notice provides a way to exercise such rights for residents of California, Virginia, Colorado, Connecticut and other states (as applicable). For information about what categories of Personal Data we collect, the purposes for collecting and using that information, and what types of service providers we may share that information with, please refer back to the list of sub-processors. For purposes of this section, “Personal Data” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer (or household, as applicable), each as defined by the relevant U.S. state law.

The laws of California, Virginia, Colorado, Connecticut and other states (as applicable) grant some or all of the following rights to consumers who reside in those states:

The right to request information about Personal Data that we have collected in the 12 months preceding a request – including the categories of information collected, the source of that information, the business purpose of that collection, the categories of third parties with whom that information is shared, and the specific Personal Data collected about that particular Customer which information is provided in the table below;
The right to receive requested information in a readily-usable format if provided electronically;
The right to request that we delete any Personal Data about the consumer that we have collected (although we may be entitled to retain some information for certain purposes);
The right to opt-out of “sales” of personal information to third parties, the sharing of Personal Data with third parties for targeted advertising purposes, and/or the processing of Personal Data for targeted advertising purposes;
The right to update or correct any Personal Data which is out of date or incorrect; and
The right to be free from discrimination based on your exercise of your privacy rights.

To exercise your Privacy Rights under this Notice, please see Part VI: Your Privacy Rights and Choices or email us at privacy@cradlepoint.com.

Notice to Residents of California

Pursuant to the California Consumer Privacy Act (2018), as amended by the California Privacy Rights Act (2020) (collectively, “CA Privacy Laws”), Ericom is a service provider in its provision of services to our Customers. We do not “sell” personal information in the ordinary sense of that term. That is, we don’t provide your personally identifiable information to third parties in exchange for money. But under California Privacy Laws, sharing information with third parties for targeted advertising purposes may be considered a “sale” of personal information. California residents have the right to opt out of such sharing. Please contact privacy@cradlepoint.com to opt out of such sharing.

If you are a former California employee and would like to exercise your rights with respect to Personal Data we collected in the course of your employment, please send an email with the subject line “California Former Employee Data Request” to privacy@cradlepoint.com.

For more information about how you can exercise your Privacy Rights, please see the Ericom Global Privacy Notice.

For ease of reference, please note that in the last 12 months, we have collected the following categories of Personal Data:

Category of Personal Data (corresponds to categories listed in California Consumer Privacy Act §1798.140(o)(1))	Examples
Category A: Identifiers	Name, postal address, unique personal identifier, online identifier, Internet Protocol address, device ID, email address or other similar identifiers.
Category B: Personal Data listed in § 1798.80 of the California Customer Records statute	A name, signature, address, telephone number, education, employment, billing and transactions information.
Category C: Characteristics of protected classifications under California or federal law	Age, ethnicity, race, languages spoken, or gender. To the extent these characteristics are voluntarily disclosed to us or contained in any content transmitted across or stored on our networks.
Category D: Commercial Information	Records and history of products or Services purchased or considered.
Category F: Internet or other electronic network activity information	Interaction with our Web sites, applications, or advertisement, such as browsing history, search history, and related information.
Category G: Geolocation data	Approximate physical location (derived from an Internet Protocol address)
Category H: Audio, electronic, visual, thermal, olfactory, or similar information	Recordings of any phone or video calls between you and Ericom
Category I: Professional or employment-related information	Job title, employer name.

We may have disclosed this Personal Data to Affiliates, Business Partners and our service providers.

Annual Reporting of Requests

The data below reflects all requests received from individuals in the U.S. as well as certain requests from individuals outside of the U.S. in the past 12 months.

	Requests Received	Requests Completed	Requests Not Completed	Average Day to Complete
Data Access	0	N/A	N/A	N/A
Data Deletion	0	N/A	N/A	N/A
Do Not Sell My Personal Information	0	N/A	N/A	N/A

Personal Data Sources

See the Notice, Part II: What Information We Collect & How We Collect It.

Purposes for Which Personal Data is Used

See the Notice, Part III: How We Use the Information.

DATA ABOUT CHILDREN

We do not knowingly permit children (under the age of eighteen (18) to sign up for a Ericom account. If you are under 18, please do not attempt to register for the Services or send any Personal Data to us. If we learn that we have collected any Personal Data from a child, we will take reasonable steps to delete that information as soon as possible. If you believe that a child may have provided us their information, please contact us at privacy@cradlepoint.com.

OTHER REGIONS

If you are in another region, we have not forgotten about you! There are specific requirements those regions require us to put into our Privacy Notice. If you have questions regarding compliance with your country’s privacy or data protection laws, please reach out to us at privacy@cradlepoint.com.

PART VIII: DEFINITIONS

“Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity. Affiliate means, among other entities, Cradlepoint’s parent company, Ericsson, Inc. and its affiliates.

“Channel Partner” means a Ericom-authorized partner, authorized by Ericom to sell Services.

“Confidential Information” means any information or data, regardless of whether it is in tangible form, disclosed by either party (“Disclosing Party”) to the other party (“Receiving Party”) that is marked or otherwise designated as confidential or proprietary or that should otherwise be reasonably understood to be confidential given the nature of the information and the circumstances surrounding disclosure. Confidential Information of Customer includes Customer Data; Confidential Information of Ericom includes the Services, Evaluation Services, and the terms and conditions of this Agreement. Confidential Information of each party includes business and marketing plans and strategies, technology and technical information, security reports and attestations, product plans and designs, and business processes disclosed by such party. Confidential Information does not include any information that (1) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (2) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (3) is received from a third party without knowledge of any breach of any obligation owed to the Disclosing Party, or (4) was independently developed by the Receiving Party without use of any Confidential Information of the Disclosing Party.

“Customer” means the company or other legal entity accepting an Agreement as defined in the terms and conditions with Ericom (or represented by the individual accepting an Agreement) or that is using or accessing the Services.

“Customer Content” or “Content Data” means all electronic data and information transmitted by or on behalf of Customer or its End Users through use of the Services.

“Customer Data” means all electronic data and information submitted by Customer for setup and provisioning of the Services, such as contact details for Customer’s End Users. Customer Data does not include Customer Content.

“Data Controller”. The data controller is the company or person who has the power to determine what happens to your data. With respect to our Services, generally, our Customers are the data controller, as defined under applicable privacy laws.

“Data Processor”. The data processor only processes Personal Data on behalf and with the instruction of the data controller. We are generally the Data Processor for our Customers.

“Documentation” means the applicable Service’s documentation, usage materials, and policies specifying the functionality of each Service, as updated from time to time.

“End User” means an individual: (1) who is authorized by Customer to use a Service, (2) for whom Customer has purchased a subscription or otherwise provisions a Service, and (3) to whom Customer (or, when applicable, Ericom at Customer’s request) has provided login credentials. End Users may include employees, consultants, contractors and agents of Customer and its Affiliates.

“Ericom” means Ericom Software, Ltd. or the Ericom-affiliated company otherwise specified in an order form or contract.

“Ericom Data” means all information created, generated, collected, or compiled regarding Customer’s use of the Services and related to the provision, performance, and operation of the Services, in an aggregate and anonymous manner that does not identify Customer or Customer’s Confidential Information.

“Global Privacy Notice”, also called “Notice”. To provide you with reader-friendly information about our privacy practices and how we collect, use, process, and transfer your Personal Data.

“Inquiry and Communications Information” Any information that you provide to us as part of a service request or request for communication or as part of using our Services.

“Managed Service” means a combination of Channel Partner products or Services with the Ericom Services that Channel Partner delivers to Channel Partner’s end Customers, which is (1) Channel Partner-branded in a manner that differentiates the Managed Service from the Ericom Services and (2) supported by Channel Partner.

“Personal Data” is anything that can directly or indirectly identify a living individual, or as how Personal Data is defined in any privacy law in the jurisdiction where you live. That can be your contact information, but also online identifiers such as your IP address your geolocation or your biometric or health data. Depending on your location, this data may also be called personal information.

“Services” means (1) the products, Software, and services that are ordered by Customer under an Order Form, (2) services or features ordered online through use of the Services, (3) Evaluation Services, or (4) mobile applications made available by Ericom. Services may be hosted on servers under control or direction of Ericom or its third-party providers. Services exclude third party applications, products, or services not provided by Ericom.

“Sensitive Personal Data” refers to all Personal Data that is of confidential nature and may cause harm to an individual if it is misused. Because of the potential for harm, countries around the globe have created laws and regulations for it. For instance, the General Data Protection Regulation has defined a set of Sensitive Personal Data that is known as “special category data” that can only be used in limited circumstances. In the US, information such as payment card data and medical data is considered as Sensitive Personal Data.

“Usage Data”: We may collect or process certain data relating to the performance and configuration of the Services, and our Customers’ and their End Users’ consumption of and interaction and use of such Services.

CHANGES TO OUR PRIVACY NOTICE

We may change this Notice from time to time, and if we do, the most current version will be available at https://ztestage.wpengine.com/privacy-policy/ with the date indicating when it was last updated. These changes might be minor, such as updating an address or fixing a typo, or they might be material, such as making a change that affects your rights. If we make changes that affect your rights, we will provide advance notice to you, such as by posting a message in the Ericom resource center or on our website, or we’ll send an email via the address we have on file for you. We will comply with applicable law with respect to any changes we make to this notice and seek your consent to any material changes if this is required by applicable law.