Data Privacy Framework Notice
When we refer to “we” (or “our” or “us”), that means Nexza, Inc. (doing business as Ruddr). We have applied for self-certified compliance with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce (collectively, the “Data Privacy Framework”). That application is pending. We have certified to the U.S. Department of Commerce that we adhere to the Data Privacy Framework Principles regarding the collection, use, and retention of personal information transferred from the European Union and European Economic Area member states, United Kingdom, and Switzerland to the United States in reliance on the Data Privacy Framework. Once approved, additional information, along with our self-certification, can be found at https://www.dataprivacyframework.gov.
Scope
We provide a generally available software-as-a-service offering (the “Service”) hosted by us or on our behalf. Our Data Privacy Framework certification applies to personal information that we collect and process in the course of our business, as described in our Privacy Policy. It also applies to Customer Personal Data (as defined in the Customer Data Processing Addendum found at: https://www.ruddr.com/data-processing-addendum) that our customers and their authorized users upload and store in the Service from the European Union and European Economic Area member states, the United Kingdom, and Switzerland, except where the agreement with the customer stipulates a different transfer mechanism recognized by the relevant authorities (e.g., standard contractual clauses). The types of personal information that our customers upload and store in the Service is at their discretion (subject to any limitations in the applicable agreement) and we only process such information in accordance with the customer’s instructions, as set forth in the applicable agreement. Although we adhere to the UK Extension to the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework, we will not rely on these frameworks for personal information transferred from the United Kingdom and Switzerland until each of those frameworks enters into force.
Inquiries & complaints
You may direct any inquiries or complaints concerning our Data Privacy Framework compliance to legal@ruddr.io. We will investigate and attempt to resolve complaints within 45 days. If we do not resolve your complaint, you may be entitled to pursue binding arbitration. Further information about binding arbitration can be found here: https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf.
Disclosure requests
We may be required to disclose personal information in response to lawful requests by public authorities, including national security or law enforcement requirements. Lawful requests include court orders, foreign government requests, national security requests, search warrants, and subpoenas.
Onward transfers
We are liable if any third party agents to which we disclose personal information fail to meet the obligations under the Data Privacy Framework for which we are responsible and such failure results in damages, unless we can prove that we are not responsible for the events giving rise to the damages.
Enforcement
Our compliance with the Data Privacy Framework is subject to the investigative and enforcement powers of the U.S. Federal Trade Commission.
Changes to this notice
We may change this Notice from time to time. If we make any changes to this Notice, we will change the last updated date below. If such changes are material in nature, we will provide you with additional notice (such as sending you an email notification).
How to contact us
Please contact us via email at legal@ruddr.io.
Last updated: April 19, 2024