Effective on: 7/17/2024
Introduction and Scope
One Network Enterprises, Inc. (“One Network,” “we,” “us,” “our”) takes the protection of personal data very seriously. This Privacy Notice (the “Notice”) is directed at data subjects (“you”, “your”) whose personal data we may receive from our customers or business partners in our hosted NEO supply chain network service (“NEO service”) and related services. This Notice does not apply to personal data we collect by other means, such as personal data that we receive directly through One Network’s own publicly accessible website: https://www.onenetwork.com/.
In addition, our customers use our hosted NEO service to store and process data of their own customers at their own discretion. In this circumstance, we act only as a storage and service provider, without any interest or knowledge about what is being stored, and in general shall only access such data at our customer’s request in connection with customer support or account administration matters, as is reasonably necessary in order to provide the services that our customer has directed us to provide, or as may be required by law.
EU-U.S. and Swiss-U.S. Data Privacy Frameworks
One Network complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, please visit https://www.dataprivacyframework.gov/.
Dispute Resolution
Where a privacy complaint or dispute cannot be resolved through One Network’s internal processes, One Network has agreed to participate in the VeraSafe Data Privacy Framework Procedure. Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/
Categories of Personal Data
We process the following types of personal data:
- First and Last Names;
- Personal avatar image, which may include identifiable images such as photographs; and
- Business contact information including mailing addresses, phone numbers, fax numbers, and email addresses.
Controllership
In the context of this Notice, One Network acts as a data Processor for the Personal Data we process as part of the NEO service. This means that One Network entered into a contract governing the use of the NEO services with our customer, who chooses the type of Personal Data they give to us to process. The customer may be your employer or someone else. We usually do not have a direct relationship with the people whose personal data we get from our Customers.
One Network acts as a data Controller for Personal Data we process as part of our client relations and to conduct business transactions. This means that One Network determines how and why we use your Personal Data, and you can contact us directly to exercise your data subject rights.
Purpose of Processing
We process Personal Data for the following purposes:
- To provide, update, maintain and protect our NEO service, website, and business.
- To follow the law, legal process, or regulation.
- To communicate with you and respond to your requests, comments, and questions.
- To send emails and other communications about the NEO service, including security and account-related communications and marketing communications.
- To administer accounts and keep track of billing and payments.
- To contact you regarding billing, account management, and other administrative matters, such as invoicing and payments tracking.
- To investigate and help prevent security issues and abuse.
- To provide application logs to customer administrators for troubleshooting and monitoring of the applications.
- To assist our customers as they request.
We may retain your information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements.
Data Subject Rights
One Network acknowledges the right of EU, UK and Swiss individuals to access their personal data pursuant to the Data Privacy Framework and will grant individuals reasonable access to personal information it received pursuant to the Data Privacy Framework Principles. In addition, One Network will take reasonable steps to permit individuals to correct, amend, or delete such information that is demonstrated to be inaccurate or processed in violation of the Principles. An individual may request to access their information, or otherwise correct, amend, or delete their information in line with the EU-U.S. (and its UK Extension) and Swiss-U.S. Data Privacy Framework Principles by contacting us at [email protected].
In addition to the rights we set out above, please note that you have the opportunity to choose to opt-out of having your personal data: (i) disclosed to a third party; or (ii) used for any purpose that is materially different from the purpose(s) for which your personal data was originally collected, or the purpose(s) which you subsequently authorized. You can make this choice at any time by using the unsubscribe mechanism that we provide in our marketing communications, or by contacting us at [email protected] with your request. We will process all opt-out requests promptly but in any event within 10 business days of our receipt of the opt-out request.
Sharing Personal Data with Third Parties
We share Personal Data with our service providers, who process Personal Data on behalf of One Network. Such third parties include those that are:
- Fulfilling orders and delivering packages
- Payment processing
- Providing customer service
- Fulfilling subscription services
Our service providers may be located outside of the United States; however, we will either obtain your explicit consent to transfer your Personal Data to such third parties, or we will require those third parties to maintain at least the same level of confidentiality that we maintain for such Personal Data ourselves. One Network remains liable for the protection of your Personal Data that we transfer to our service providers, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.
Other Disclosure of Your Personal Data
We may disclose your Personal Data (i) to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders, or (ii) if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change, or (iii) to our subsidiaries or affiliates only if necessary for business and operational purposes as described in the section above.
We reserve the right to use, transfer, sell, and share aggregated, anonymous data, which does not include any Personal Data, about our NEO service users as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, clients, and customers.
If we must disclose your Personal Data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy or security of your Personal Data.
Access & Review
If you are a data subject about whom we store Personal Data, you may have a right to request access to, and the opportunity to update, correct, or delete, such Personal Data.
When One Network acts as a data Controller, upon request, One Network will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by logging into your account, or by contacting us at [email protected]. We will respond to your request within a reasonable time frame. In certain circumstances we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing a service.
When One Network acts as a data Processor, One Network acknowledges that you have the right to access your personal information. One Network has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the One Network’s customer (the data controller). If requested to remove data we will respond within a reasonable time frame. In certain circumstances we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing a service.
Changes to this Privacy Notice
If we make any material change to this Notice, we will post the revised Notice to this web page and update the “Effective” date above to reflect the date on which the new Notice became effective.
Contact Us
If you have any questions about this Notice or our processing of your Personal Data, please write to us by email at [email protected] or at [email protected], or by postal mail at:
One Network Enterprises
4055 Valley View Ln
Suite 1000
Dallas, TX 75244
USA
Please allow up to four weeks for us to reply.
Binding Arbitration
If your dispute or complaint cannot be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you pursuant to the Data Privacy Framework’s Recourse, Enforcement and Liability Principle and Annex I of the Data Privacy Framework.
Regulatory Oversight
One Network is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.