Privacy Policy

Nexthink Privacy and Cookies Policy

This notification is solely relevant when Nexthink acts as the Controller of personal data. For example, this pertains to personal data of Nexthink website visitors, job candidates or business-to-business contact information. When Nexthink processes personal data on behalf of its subscribers while they use Nexthink products and services, Nexthink functions as a Processor, not a Controller. It is important to clarify that this notification does not pertain to Nexthink's products and services. If you have inquiries concerning how a Nexthink subscribers use our solutions to process your personal data, please reach out to them directly. If you are a Nexthink subscriber or you are interested in our products and have more questions about our ISO certified Privacy Program, please visit our Global Privacy Hub.

Table of Contents

1. Introduction

2. Bases of Processing

3. Collection of Your Information by Us

a. Information that you provide voluntarily

b. Information that we obtain from third party sources

c. Information that we collect automatically

d. Information About Children

4. Use and Disclosure of Your Information

5. Information About Our Use of Cookies

6. Social Media Features

7. External Websites

8. International Transfers of Personal Data

9. Security of Personal Data

10. Retention of Personal Data

11. Your Rights

12. California Residents

13. Changes to this Privacy Policy

14. Contact Us

1. Introduction

Nexthink SA (together with its associated companies) (“We”, "Us") respect your privacy and promise to use appropriate measures to protect any personal data we collect about you or that you provide to us (“your information”).

This Privacy Policy (together with our Terms and Conditions of use of our website https://www.nexthink.com/terms-and-conditions/ and any other documents referred to on it) sets out the basis on which your personal data , will be processed by us through our website at https://www.nexthink.com (the "Website") or when you contact us.

"Personal data" or "personal information" means any information that, either by itself or combined with other information, may be used to identify an individual, for example: a first and last name, a home or other physical address, an email address or other contact information, whether at work or at home or technical information such as a IP address, cookies or device information. More detail about what personal data We collect about you is given below.

“Processing” means any actions performed on the personal data such as collection, storage, sharing and deletion.

2. Bases of Processing

We will only process your personal data if We have a lawful basis to do so. This may be where We have your consent to do so, where We need the personal data to perform a contract with you, or where the processing is in our legitimate interests. We may also need to process your information to comply with our legal obligations.,

If you withdraw your consent to us processing your data, that will not affect any processing carried out prior to the withdrawal of your consent. Where We send you marketing communications, you may unsubscribe from our marketing communications by clicking on the “unsubscribe” link located on the bottom of our emails, by sending us an email at [email protected].

“Legitimate Interests” include:

The interests of our company in conducting, managing and growing our business.
Improving our offerings to enable us to give you the best service/products.
To improve the quality and efficiency of our customer support.
Marketing, for example, We have an interest in making sure our marketing is relevant for you, so We may process your information to send you marketing that is tailored to your interests.
Administering our recruitment processes.

When We process your personal information for our legitimate interests, We make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – We will not use your information for activities where our interests are overridden by the negative impact on you (unless one of the other legal bases applies, as described above.

If you have any concerns about the processing below, you have the right to object to processing that is based on our legitimate interests. For more information on your rights, please see “Your Rights” section below.

3. Collection of Your Information by Us

a. Information that you provide voluntarily

When you visit our Website or contact Us, We may request that you provide personal data in order for us to be able to deal with your query.

You may give us personal data, such as contact data, voluntarily, for example by filling in forms on our Website or by corresponding with us by phone, e-mail or otherwise, including your name, e-mail address, phone number, and other such information that can identify you personally, such as your login credentials. Of course, We will respect your preferences in receiving marketing and other communications from us and third parties.

We may choose to provide users of our offerings, along with interested organizations and individuals, with optional tools, courses, and materials that showcase the capabilities of our solutions and enable them to test and/or learn more about Nexthink's products or specific functionalities. Access to any such resources may require the registration of your contact information. Unless specifically advised by us, test and demo environments do not require the input of any personal data; instead, We recommend the use of synthetic or “dummy” data. If you choose to participate in our courses, We may store your learning progress.

You may also voluntarily respond to our online surveys or allow us to record calls with you to improve the quality of our support and services. Respondents to our online surveys and attendees to our online webinars or digital events may be requested to provide additional personal data alongside identity and contact data. We may collect demographic information, such as gender, age, marital status, nationality, country of birth and residence, native language preferences, interests and favorites. Where possible, We will ensure that these are not associated with your name or other personally identifying information. We also collect participant IDs as well as any personal data provided in the individual's responses.

We use Pendo, an analytics service provided by Pendo.io, Inc., to evaluate the use of Nexthink’s web-based portal, to gather user feedback, and to improve user experience. If you voluntarily provide us your email address when providing optional in-product feedback, We may combine your email address with usage data collected by Pendo. For additional information, please visit Pendo’s Privacy Policy at www.pendo.io/legal/privacy-policy/.

When applying for a specific vacancy advertised on the Website or submitting your details for entry into the Nexthink speculative applicant database, you will be asked for specific personal data to determine your potential suitability against current or future recruitment requirements. This could include your CV, details of your work and academic experience, professional qualifications and other information relevant to the vacancy or business area you have selected, along with your contact details. As a general rule, during the recruitment process, We try not to collect any of the following: information that reveals your racial or ethnic origin, religious, political or philosophical beliefs or trade union membership; genetic data; biometric data for the purposes of unique identification; or information concerning your health/sex life ("Special Category Personal Data"), unless authorized by law or where necessary to comply with applicable laws. However, in some circumstances, We may need to collect, or request on a voluntary disclosure basis, some Special Category Personal Data for legitimate recruitment-related purposes: for example, information about your racial/ethnic origin, gender and disabilities for the purposes of equal opportunities monitoring, to comply with anti-discrimination laws and for government reporting obligations. You may provide, on a voluntary basis, other Special Category Personal Data during the recruitment process. When processing Special Category Personal Data we rely on your consent or an applicable legal basis under applicable data protection laws.

During the recruitment process, where permissible under applicable laws, We may conduct a criminal background check for certain roles allowing privileged access to customer data, financial data, and security systems. These checks are carried out by a vetted third-party provider.

b. Information that We obtain from third party sources

Any data from customers and parties participating in Nexthink’s Partner Program, such as financial data including bank account and payment card details and transaction data on previous, current and upcoming deals, will be collected and processed to manage our customer relationships or when you sign up to training courses.

In regard to any criminal convictions checks, as mentioned above, We rely on specialist third party vendors to conduct these checks and do not store any resulting information on our systems.

We may source some of your information which is publicly available on the internet, such as from Facebook, LinkedIn, Twitter and Google, or any information that We acquire from third party service providers (such as business partners, sub-contractors for any technical delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). The types of information We collect from third parties may include professional and academic data for recruitment purposes, or identity and contact information to identify respondents for research surveys. Wherever We collect information about you from third parties We ensure that We are legally entitled to do so and that We collect only the minimum personal data necessary for the specific purpose that We trying to fulfil.

c. Information that We collect automatically

We also automatically collect some technical and navigational information from your visit to our Website, webinars or events and from your use of our mobile application. This includes information about your device (such as your computer IP address, device model, unique device identifier, OS version, mobile network) or information about where and how you access our Website or mobile application (such as geographical location, browser type and language, referral source, server logs, length of visit and pages viewed). Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Website to our visitors.

Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Information About Our Use of Cookies” below.

d. Information About Children

Our Website are not intended for or targeted at children under 13, and We do not knowingly or intentionally collect information about children under 13. If you believe that We have collected information about a child under 13, please contact us at [email protected], so that We may delete the information.

4. Use and Disclosure of Your Information

We will combine the information We receive from you or your information that we collect from our Website or other sources and use the combined information for the purposes set out below:

to operate and improve the Websites, improve your browsing experience and to improve any subscription service;
send personalized information to you which We think may be of interest to you by post, email, or other means;
send you marketing communications relating to our business or the businesses of carefully-selected third parties which We think may be of interest to you;
contact you, on behalf of external business partners, about a particular offering that may be of interest to you;
share data with trusted partners to contact you based on your request to receive such communications, help us perform statistical analysis, or provide customer support. Such third parties are prohibited from using your information except for these purposes, and they are required to maintain the confidentiality of your information;
evaluate your potential suitability against a specific position you have applied for or a general recruitment requirement;
to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
to notify you about changes to our service;
administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
to measure or understand the effectiveness of advertising We serve to you and others.

We will not sell, rent or lease your information, or share it with others, except as indicated in this Privacy Policy.

We may disclose your personal information to the following categories of recipients:

to our group companies, third party services providers and partners who provide data processing services to us, or who otherwise process personal information for purposes that are described in this Privacy Policy or notified to you when We collect your information. These include service providers which are used for the following purposes: provision of digital credentials for successful participants of our trainings and exams; provision of webinars, online training and virtual events; organizing and managing online surveys; recruitment of participants for our surveys; job recruitment purposes; research and marketing purposes; sales and customer relationship management; vendor and contract management; regulatory compliance with local laws; and IT and teleconferencing support.
to our professional advisers who provide us with legal, audit, accountancy, insurance and banking services;
to any competent law enforcement authority, regulatory body, government agency, court or other third party where We believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
to an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that We inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Policy;
to any other person with your consent to the disclosure.
⁠
⁠5. Information About Our Use of Cookies

We use “cookies” to help you personalize your online experience. A cookie is a text file that is placed on your computer’s hard drive by a web server. Apart from those cookies which are classed as “strictly necessary” (see below), your opt-in consent is required before a cookie is placed on your device and our cookie consent manager allows you to manage this. Cookies can further be distinguished as “first party cookies” (those managed by us) and “third party cookies” (those managed by third parties). We provide more information on each type in the tables below.

Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the web server that you have returned to a specific page. For example, if you personalize pages on our Website, a cookie helps us to recall your specific information on subsequent visits. When you return to the same website, the information you previously provided can be retrieved, so you can easily use the features that you had customized. You can accept or decline cookies. You can refuse to consent to the use of cookies or block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. If you choose to reject cookies, you may still use our Website though your access to some functionality and areas of our Website may be restricted. If you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

We use the following cookies:

Strictly necessary cookies. These are cookies that are required for the operation of our Website. They include, for example, cookies that enable you to log into secure areas of our Website, use a shopping cart or make use of e-billing services. These can be blocked but will then impact the performance of the website.
Analytical/performance cookies. They allow us to recognize and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies. These are used to recognize you when you return to our Website. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Targeting cookies. These cookies record your visit to our Website, the pages you have visited and the links you have followed. We will use this information to make our Website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

You can find more information about the individual cookies We use and the purposes for which We use them in the table below:

Cookie	Purpose
Adblocker Popup	Tracks whether a user has seen our adblocker message.
Attribution	Tracks where and how a visitor came to the Website.
Cookie Alert	Tracks whether a user has accepted cookies upon their first visit to the Website.
Dynatrace	Monitors website performance, tracks user behavior and gathers diagnostic information.
Ebook Popup	Tracks whether a user had seen our ebook advertisement.
LuckyOrange	Provides information for Heat Mapping User Behavior.
Marketo	Allows a website to link visitor behavior to the recipient of an email marketing campaign, to measure campaign effectiveness.
nr-data.ent	Tracks application performance and gather diagnostic information.
OneTrust	Set by the cookie compliance solution from OneTrust. This cookie stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the visitor’s browser, when consent is not given.
Zendesk	Stores a binary variable determining whether a user has been authenticated, session information for root access applications, and session information for sharing across Zendesk applications.

In addition to the above, third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which We have no control so please refer to their respective privacy policies for more information. These cookies are likely to be analytical/performance cookies or targeting cookies.

Below are some examples of such third party cookies and related information:

Facebook	https://www.facebook.com/privacy/policies/cookies/
Google Analytics/ Google Optimize	https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
LinkedIn Insight	https://www.linkedin.com/legal/cookie-policy
Olark	https://www.olark.com/privacy-policy/
Salesloft	https://salesloft.com/cookie-policy/
X (formerly Twitter)	https://help.twitter.com/en/rules-and-policies/twitter-cookies
Typekit	https://www.adobe.com/privacy/cookies.html
Vidyard	https://www.vidyard.com/cookies/
Vimeo	https://vimeo.com/privacy
Youtube	https://policies.google.com/technologies/cookies?hl=en .

6. Social Media Features

Our Website includes social media features, such as the Facebook Like button and widgets, such as the Share This Button or interactive mini-programs that run on our sites. These features may collect your IP address, which page you are visiting on our sites, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Website. This Privacy Policy does not apply to these features. Your interactions with these features are governed by the privacy policy and other policies of the companies providing them.

7. External Websites

Our Website provide links to other websites. We do not control, and are not responsible for, the content or privacy practices of these other websites. Our provision of such links does not constitute our endorsement of these other websites, their content, their owners, or their practices. This Privacy Policy does not apply to these other websites, which are subject to any privacy and other policies they may have. When you leave our Website, We encourage you to read the privacy policy of every website you visit.

8. International Transfers of Personal Data

To facilitate our global operations, your information may be transferred to and accessed from countries other than your own to process and store data in accordance with this Privacy Policy and to provide you with products and services. Some of these countries may not have the same data protection safeguards as the country where you reside.

Our group companies are based throughout the EU, in Switzerland, the USA, India and the United Kingdom, and third-party service providers and partners operate around the world. We are committed to ensuring your information is protected and apply safeguards in accordance with this Privacy Policy and applicable data protection laws. Legal safeguards include the Standard Contractual Clauses approved by the European Commission and similar protections offered by the United Kingdom and Switzerland.

Nexthink, Inc. is committed to upholding data privacy standards in accordance with the EU-U.S. Data Privacy Framework ("EU-U.S. DPF"), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework ("Swiss-U.S. DPF") as established by the U.S. Department of Commerce. Nexthink, Inc. has formally certified to the U.S. Department of Commerce its adherence to the EU-U.S. Data Privacy Framework Principles ("EU-U.S. DPF Principles") concerning the processing of personal data received from the European Union under the EU-U.S. DPF and from the United Kingdom (including Gibraltar) under the UK Extension to the EU-U.S. DPF. Additionally, Nexthink, Inc. has certified its commitment to the Swiss-U.S. Data Privacy Framework Principles ("Swiss-U.S. DPF Principles") in relation to the processing of personal data received from Switzerland under the Swiss-U.S. DPF. In the event of any discrepancies or conflicts between the terms outlined in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the principles established in the EU-U.S. DPF and Swiss-U.S. DPF shall take precedence and govern our data privacy practices. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. The Federal Trade Commission has jurisdiction over Nexthink, Inc. compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

If your personal data is subject to the GDPR, UK GDPR or the Swiss FADP and We intend to transfer the respective information to a third-party service provider and/or partner based in a jurisdiction subject to the privacy laws and regulations of a foreign jurisdiction, We will (i) enter into a contract with such party, (ii) transfer the information only for limited and specified purposes, (iii) ascertain that an adequate transfer mechanism is in place, such as the DPF or the Standard Contractual Clauses, (iv) take reasonable and appropriate steps to ensure that the party effectively processes the information in a manner consistent with Our obligations under the applicable transfer mechanism, (v) require the it to notify Us if the party determines that it can no longer meet its obligation to provide the level of protection required by the applicable transfer mechanism, (vi) upon notice take reasonable and appropriate steps to stop and remediate unauthorized processing of the information, and (vii), where the DPF is the applicable transfer mechanism, provide a summary or representative copy of the relevant privacy provisions of the service provider’s or partner’s contract to the Department of Commerce, upon its request. We remain liable if Our third-party Processor onward transfer recipients process relevant personal information in a manner inconsistent with the applicable transfer mechanism, unless We prove that We are not responsible for the event giving rise to the damage.

9. Security of Personal Data

All information you provide to us is stored on secure servers and We take appropriate security measures designed to protect against unauthorized access, use or disclosure. Where We have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect your information, We cannot guarantee the security of your data transmitted to our site and any transmission is at your own risk. Once We have received your information, We will use industry standard measures and security features appropriate to the risk of processing your personal data to protect that data against unauthorized or unlawful access.

10. Retention of Personal Data

We only retain personal data for the minimum period necessary to achieve the purpose for which it was collected and in line with any applicable business, legal or regulatory requirements (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements) We will then securely delete or anonymize the information unless We have a justifiable case for retaining that data in identifiable form for longer. This could be the case where We are exercising, establishing or defending our legal rights

11. Your Rights

You have the following rights with respect to your personal data (please note that not all rights are available in every case and certain conditions or exceptions may apply which We will explain in our response to your request) :

To access your information, along with supplementary information about the processing;
To request that We correct any errors, outdated information, or omissions your information;
To request that your information not be processed or restrict the processing of your information;
To request portability of your information;
To request that your information be deleted;
The right to not be subject to solely automated decision-making.

To exercise any of these rights, please contact us using the information below.

You also have the right to make a complaint at any time to a data protection authority about our collection and use of your personal information. Please contact us in the first instance using the details below and We will attempt to resolve your complaint. However, if you remain dissatisfied after our response, you may contact your local data protection authority. With regard to any unresolved complaints concerning our handling of personal data received by Nexthink, Inc. in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, We commit to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities, the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC).

You may have the option to select binding arbitration under the Data Privacy Framework Panel for the resolution of your complaint under certain circumstances.

12. California Residents

Under the California Consumer Privacy Act of 2018 and any subsequent amendments including the California Privacy Rights Act of 2020 (collectively, “CCPA”), California residents are entitled to the following additional disclosures about our data processing. All terms used in this section have the same meaning as when used in the CCPA.

Under the CCPA, you have the right to know what personal information We collect, how We obtain and use that information and the business purposes for which the information was collected.

In the preceding 12 months, We have collected the categories of personal information as detailed in the “Collection of Your Information By Us” section of this policy above.

In the preceding 12 months, We have disclosed personal information for a business purpose as detailed in the “Use and Disclosure of Your Information” section above.

We may also sell or share information to the extent our use of cookies and tracking technologies for targeted advertising constitutes a “sale” under the CCPA/CPRA. In the preceding 12 months, We have sold or shared the following categories of personal information with our targeted advertising service providers and partners: account data (account name, location, company size), browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

To opt-out of, please visit our cookie banner and adjust your preferences.

We do not knowingly sell the personal information of minors under 16.

Your Rights and Choices

You have the following rights in relation to your personal information:

The right to opt out of the selling and sharing of your information
The right to know what information is held/has been collected and access to it
The right to limit the use of sensitive personal information

The right to data portability
The right of no retaliation/discrimination
The right to correct any errors in your information
The right to opt out of automated decision-making
The right to request deletion

We will attempt to respond to requests within 45 days of receipt. In the event of delays over 45 days, We will inform you of the reason and extension period in writing. Any disclosures We provide will only cover the 12-month period preceding the verifiable receipt of request.

We do not sell or share Sensitive Personal Information for cross-context behavioral advertising.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time by posting a new version online. You should check this page occasionally to review any changes. If we make any material changes, We will notify you by posting the revised Privacy Policy on our Website. Your continued use of the Website and/or continued provision of your information to us will be subject to the terms of the then-current Privacy Policy. Please keep us informed if your personal data changes during your relationship with us.

14. Contact Us

If you have any questions about this Privacy Policy or our treatment of your personal data, please reach out to our Privacy Team and Data Protection Officer at [email protected] or by post at to Nexthink S.A. Centre Malley-Lumières, Chemin du Viaduc 1 1008 Prilly, Switzerland.

12 APRIL 2024

Privacy Policy