CXPoint Privacy Policy

To learn more about the Data Protection Framework, and to view our certification, please visit https://www.dataprivacyframework.gov/.

CXPoint shall comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. CXPoint is in process of certification to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) regarding the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Likewise, CXPoint complies to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the UK Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/ DPF Principles enable CXPoint to satisfy requirements in the EEA pertaining to protecting Personal Data that is transferred out of those jurisdictions. CXPoint certifies that it adheres to the principles of notice, choice, and accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability. For Personal Data transferred from the EEA, in the event that there is any conflict between this Privacy Notice and the Data Protection Framework Principles, the Data Protection Framework Principles shall govern .

CXPoint maintains a Data Protection Officer as a key contact for questions and complaints regarding Personal Data. Please contact us at dpo@cxpoint.co.uk with any questions or concerns you may have about this Privacy Notice or our use of your Personal Data.

CXPoint is a Data Processor on behalf of its customers who procure CXPoint products and services. Our products and services facilitate our customers to place, record, log, and otherwise manage contacts, telephone calls, and other types of electronic communications which may generate Personal Data (e.g. time of call, call status, parties to a call, call recordings, and others). Some of our products and services might enable our customers to transmit information between our platform and contact center telephony platform (on-premise or cloud platforms) as necessary to manage a call center and contacts in which agents at that call center communicate (e.g. first name, last name, address, email address, telephone number, SMS number, Internet screen name, and others). Following the principles of the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and Swiss-U.S. DPF Principles, CXPoint only processes Personal Data collected through our products and services at the behest of our customers. We will not sell or otherwise transfer the Personal Data to any third party unless (1) otherwise agreed to by our customers when they transfer information to us, such as to provide needed information to our Agents, resellers, partners and contractors who may provide products or services (e.g. our data center provider); (2) in connection with the sale of all or substantially all of the assets of a business division of CXPoint, a line of CXPoint’ business or CXPoint’ entire business or merger with another company; (3) to payment processing vendors as necessary for processing credit card transactions or support transactions; or (4) for compliance with possible legal or governmental disclosure requirements. In connection with the above, it should be understood that in some rare cases it may be necessary to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If CXPoint is processing your Personal Data on behalf of one of our customers, you may opt out in writing of any disclosure of your Personal Data to any third party that is not our Agent or the use of that data for a purpose other than the purpose for which it was originally collected from, or subsequently authorized by, you. We will not disclose Sensitive Personal Data to a third party that is not our Agent or use Sensitive Personal Data for a purpose other than the purpose for which it was originally collected from, or subsequently authorized by you unless we have received your affirmative and explicit consent to do so (i.e., opt-in consent). The above is aligned with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF Principles. For additional information regarding how you may restrict the use or disclosure of your Personal Data, please contact us atdpo@cxpoint.co.uk

You have the right to obtain confirmation from CXPoint of whether we maintain Personal Data relating to you. Upon request, we will provide you with access to the Personal Data that we hold about you within a reasonable time period. We will also enable you to correct, amend or delete Personal Data related to you in our possession and control that is inaccurate or incomplete. Your right to access your Personal Data may be restricted in exceptional circumstances, including, but not limited to, when the burden or expense of providing this access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated by the provision of such access. If we determine that your access should be restricted in a particular instance, we will provide you with an explanation of our determination and respond to any inquiries you may have. For information regarding how you may request to access, correct, amend, or delete your Personal Data please contact us at

By using our services, you acknowledge that your information may be leveraged or used by our AI engines and models as part of our company's privacy policy. Our AI engines and models are designed to improve our services and provide a better user experience. This may include, but is not limited to, the following uses:

• Analyzing user behavior and preferences to personalize content and recommendations
• Identifying trends and patterns to improve our services and products
• Enhancing our machine learning algorithms to improve accuracy and efficiency
• Providing insights and analytics to our teams to inform business decisions
• Complying with legal and regulatory requirements, such as data retention and reporting obligations

We will only use your information in accordance with our privacy policy and will take reasonable steps to ensure that your information is secure and protected from unauthorized access, use, or disclosure.

CXPoint is committed to protecting the Personal Data entrusted to us. We have implemented reasonable and appropriate physical, electronic and administrative procedures to safeguard and secure this information from loss, misuse, unauthorized access or disclosure, alteration and destruction. We will take special care to ensure the security of Sensitive Personal Data. We will use and disclose Personal Data only in ways that are compatible with and relevant to the purposes for which such information was collected or authorized by you. To the extent necessary for this purpose, we will take reasonable steps to ensure that Personal Data remains accurate, complete, current and reliable for its intended use. Unfortunately, no data transmitted over or accessible through the Internet can be guaranteed to be completely secure. As a result, while CXPoint utilizes industry standard security technologies and procedures intended to protect all Personal Data, we cannot ensure or warrant that Personal Data will be completely secure from misappropriation by hackers or from other nefarious or criminal activities, or in the event of a failure of computer hardware, software, or a telecommunications network. We will notify you in the event we become aware of a security breach involving your personally identifiable information (as defined by the applicable state and federal laws) stored by or for us. By disclosing your email address to us for any reason, you expressly consent to receive electronic notice from us in the event of such a security breach.

When providing services to our customers, we will engage a limited number of Agents which play a role in delivering a part of the solution and services and potentially processing data on our behalf, as part of our customer’s instructions. Agents are bound by strict compliance and contractual terms which provide the same level of protection to Personal Data as that foreseen towards our customers.

CXPoint is potentially liable in cases of onward transfers of Personal Data to third parties. We will obtain written assurances from our Agents that they will safeguard Personal Data in accordance with this Privacy Notice. Appropriate assurances may include:

• we will require our Agent to enter into a contract and NDA with us that requires the Agent to provide at least the same level of protection as is required by the Data Protection Framework Principles
• in certain circumstances, our Agent may be subject to the Data Protection Laws
• our Agent may be established in a country that is subject to a finding of adequacy by the European Commission as per Data Protection Laws; or
• our Agent may have their own Data Protection Framework certification. Please note that all along the process described above, CXPoint will firmly and consistently comply with the Principles of the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF Principles.

Your complaint may be resolved by CXPoint internally. We will investigate the matter and attempt to resolve the issue quickly. In any case, our commitment is to respond within 10 days and resolve the complaint within 45 days of acknowledging the complaint. We also agree to participate in independent dispute resolution of your complaints through the EU data protection authorities (DPAs). We will cooperate with the DPAs in the investigation and resolution of complaints brought under the Data Protection Framework and we agree to comply with any advice given by the DPAs where the DPAs take the view that the organization needs to take specific action to comply with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. Under certain conditions, it is possible for individuals to invoke binding arbitration before the panel. The Lead Supervisory Authority for CXPoint in the UK is The ICO Data Protection Authority chair by Data Privacy officer. ( dpo@cxpoint.co.uk )

CXPoint will conduct compliance audits of our privacy practices to verify compliance with this Privacy Notice. Any CXPoint employee that we determine has acted in violation of this Privacy Notice will be subject to disciplinary action up to and including termination of employment. Any questions or concerns regarding our use or disclosure of Personal Data should be addressed to the CXPoint DPO at dpo@cxpoint.co.uk. We will investigate and attempt to resolve any complaints and disputes regarding the use and disclosure of Personal Data in accordance with the provisions of this Privacy Notice.

It is our policy to post any changes we make to our Privacy Notice on the website. If we make material changes to how we treat Personal Data that falls within the scope of our Privacy Notice, we will notify you by email to the email address specified in your account or through a notice on this website. The date the Privacy Notice was last revised is identified at the top of the page.

You may contact our Data Protection Officer at dpo@cxpoint.co.uk. We encourage you to contact our DPO in writing to inform us of any complaints or disputes you may have regarding the use of your Personal Data or to request access to your Personal Data. Lastly, in compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, CXPoint commits to cooperate with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.