1. OVERVIEW AND SCOPE

1.1. Overview

This policy and applicable supporting procedures are designed to provide Lync HoldCo Inc d/b/a Necto (hereinafter referred to as “Necto” or “we”) with a documented and formalized process for protecting individuals’ privacy. Respect for the privacy of personal and other information is fundamental to us. This privacy policy describes our collection of personal information from users of our Web site (“Website” or “Site”), our Platform, as well as all related applications, widgets, software, tools, and other services provided by us and on which a link to this Policy is displayed (collectively, together with the Website, our “Service”). This Policy also describes our use and disclosure of such information. By using our Service, you consent to the collection and use of personal information in accordance with this policy. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data privacy framework website.

1.2. Policy Scope

This policy and supporting procedures cover the privacy of all data collected by Necto in its interaction with individuals in its business operations.

1.3. Data Transfers

Necto complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Necto has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Necto has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.

Necto collects, uses, transfers, and otherwise processes data, including Personal Data, in several ways. Necto uses the Personal Data collected for the following basic purposes: (1) to provide and support the products and services Necto offers; and (2) to send certain communications regarding product use and updates. Necto also collects, uses, and processes human resources data in the context of an employment relationship with its current employees, applicants and former employees, as further described herein.

Necto is subject to investigatory and enforcement powers of the Federal Trade Commission (FTC).

1.4. Definitions

“Personal Data” means information that is: (a) within the scope of the EU Data Protection Directive (95/46/EC) or General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), as to data subjects covered thereunder; (b) within the scope of the Swiss Federal Act on Data Protection as to Swiss data subjects; (c) within scope of the UK GDPR as defined by the UK Data Protection Act; (d) received in the U.S. from the EU, Switzerland, or the United Kingdom; and (e) recorded in any form. 

“Sensitive Information” means Personal Data that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership, or other information about an individual’s health and additionally under the Swiss-U.S. Data Privacy Framework ideological views or activities, information on social security measures or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings.

1.5. Scope of Data Collected by Necto  

Necto provides services to corporate treasury and finance departments. These services include but are not limited to providing a secure API aggregator for real-time connectivity to banks and financial institutions. While providing services to its customers, Necto may, directly or through its interfaces with its clients, receive or collect Personal Data such as emails. Necto only accesses or uses Personal Data or Sensitive Information while performing services requested by its customers under its contractual obligations.

Human resource data may be disclosed to third-party service providers to assist with background checks, payroll, and other human resources activities.

2. CHOICE

Necto provides EU, UK, and Swiss individuals the choice and means for limiting the use and disclosure of their Personal Data. Subject to the limitations in the DFP Principles, individuals have the right to choose (opt out) whether their Personal Data is: (a) to be disclosed to a third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized. Individuals may send opt out requests to [email protected].

3. ONWARD TRANSFER

Necto is a B2B company and does not disclose Personal Data or Sensitive Information to third parties unless done under the direction and consent of its customers or required by law, compelled by tribunals, courts, or government agencies, or as otherwise required, including to meet national security or law enforcement requirements. In cases of onward transfer to third parties of data of EU individuals received under the EU-U.S. DPF, UK individuals received under the UK Extension, and Swiss individuals received under the Swiss-U.S. DPF, Necto may potentially be liable. In particular, Necto remains responsible and liable under the DPF Principles if third-party agents that it engages to process Personal Data or Sensitive Information on its behalf do so in a manner inconsistent with the DPF Principles unless Necto proves that it is not responsible for the event giving rise to the damage.

4. DATA SECURITY

Necto protects the Personal Information it collects with reasonable and appropriate physical, electronic, and procedural safeguards. We use reasonable security measures that are designed to protect personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Please note, however, that no data security measures can be guaranteed to be completely effective. Consequently, we cannot ensure or warrant the security of any personal information or other information. You transmit information to us at your own risk.

5. DATA INTEGRITY

Necto processes Personal Data consistent with the purposes for which it was collected or authorized by an individual. To the extent practical, Necto shall take reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete, and current. If an individual would like to access or update Personal Data, the individual may contact Necto using the contact information provided. Necto will require individuals to properly verify their identity before it actions any requests.

6. ACCESS

Upon request and subject to certain exceptions, Necto will provide individuals reasonable access to personal data that it holds about them. In addition, Necto will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. Individuals may contact Necto using the contact information provided to request access to their Personal Data. To protect the individual’s privacy, we may take steps to verify the requestors’ identity and/or authority prior to acting on a request regarding personal data.

7. ENFORCE AND DISPUTE RESOLUTION

Necto provides mechanisms for assuring its compliance with the DFP Principles. Necto uses a self- assessment approach and, at least once a year, shall certify that the DPF Policy is accurate, comprehensive, prominently displayed, implemented, and in conformity with the DFP Principles. Necto shall monitor adherence to the DFP Principles and address questions and concerns regarding its adherence. Personnel who violate Necto’s privacy policies may be subject to a disciplinary process. Individuals may raise any complaints by contacting Necto using the contact information below. Necto shall respond to an individual complaint within 45 days.

If an issue cannot be resolved by Necto’s internal dispute resolution mechanism, Necto has chosen JAMS to be its independent recourse mechanism for Data Privacy Framework disputes. Individuals may contact JAMS at https://www.jamsadr.com/dpf-dispute-resolution to address complaints at no cost to individuals.

In the event that Necto or JAMS determines that Necto did not comply with the DPF Policy, Necto shall take appropriate steps to address any adverse effects and to promote future compliance. Under certain circumstances, individuals may invoke binding arbitration before the Data Privacy Framework Panel for residual claims not otherwise resolved. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Necto commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

Any employee of Necto is in violation of this policy will be subject to disciplinary action up to and including termination of employment.

8. LIMITATION OF THE APPLICATION OF THE PRINCIPLES

Adherence by Necto to the DPF Principles will be limited as explicitly permitted by the Principles:

• • • to the extent necessary to meet national security, public interest, or law enforcement requirements; or
    • by statute, government regulation, or case law that create conflicting obligations or explicit authorizations, provided that, in exercising any such authorization, Necto’s non-adherence is limited to the extent necessary to meet the overriding legitimate interests.

Where the option is allowable under the DFP Principles and/or U.S. law, Necto will opt for the higher protection where reasonably possible.

9. CHANGES TO THIS POLICY

This policy may be amended from time to time, consistent with the requirements of applicable laws and regulations. The revisions will take effect on the date of publication of the amended policy, as stated. Necto will not amend this statement in a manner inconsistent with the DPF Program.

10. CONTACTING US

If you have any questions, comments, or concerns about this policy or your personal information, please contact us at [email protected]. If you have a complaint that we have breached these privacy principles and attempted in good faith to resolve the complaint through our customer service process, but the complaint was not resolved by us within a reasonable amount of time, then you may enforce these privacy principles against us.