Last updated September 1, 2022
CoreNexa, LLC and its subsidiaries, affiliates and parent companies (“CoreNexa,” “we,” “us,” and “our”) know you care about your privacy and the protection of your personal information.
- The categories of personally identifiable information about you that may be collected and how the information is used;
- How we collect and use non-personally identifiable information about your use of the Websites;
- The categories of persons or entities with whom the information may be shared;
- The choices that are available to you regarding collection, use, and distribution of the information;
- How you can opt in or out of our promotional emails;
- The kind of security procedures that are in place to protect the loss, misuse or alteration of information;
- How you can review and request changes to the information;
- The privacy practices that apply to subscribers to our Services.
If you reside in the EU or California, there are additional provisions that apply to you, including with respect to the transfer of data to the United States or other jurisdictions. Please see below under “V. Additional Special Provisions Based on Customer Location.”
Why is CoreNexa providing this privacy notice to me?
As a subscriber of our Services, you are entitled to certain privacy protections under Section 222 of the Communications Act of 1934, as amended, (the "Communications Act") and the FCC's rules (47 C.F.R. § 64.2001 – 64.2011), and we are required to provide you a notice of those protections. Your personal information may also be protected by certain other privacy laws or regulations.
In an attempt to provide you with increased value, we may include third party links on our Websites. These linked sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our Websites and welcome any feedback about these linked sites (including if a specific link does not work).
Personally identifiable information is information that identifies a particular person ("PII"); it does not include de-identified, anonymous, or aggregate data that does not identify a particular person or persons.
The following information is considered CPNI:
- Information about the quantity, technical configuration, type, destination, location, and amount of your use of the phone services that is made available to us solely by virtue of our provider-customer relationship; and
- Information contained on your telephone bill concerning the type of phone services and features you receive
What kind of PII do we collect?
We collect information from you at several different points when you request, turn on, and use our Services under an account we create for you. Some of this information is PII, but much of it is not. To provide reliable, high quality service to you, we keep regular business records containing information about you that may constitute PII. These account records include the following contact information:
- Your name;
- Service address;
- Billing address;
- Email address; and
- Telephone number
For the avoidance of doubt, we will not upload your device contacts to our app server without express consent and only on an individual basis.
With respect to phone services, examples of CPNI include information typically available from telephone-related details on your monthly bill:
- Location of service;
- Technical configuration of service;
- Type of service;
- Quantity of service;
- Amount of use of service; and
- Calling patterns (for example the telephone numbers you call or that call you and the duration of the calls)
CPNI does not include your name, address, and telephone number, because the Communications Act classifies that information as "subscriber list information" which is not subject to the protections applicable to CPNI. However, that information is also subject to certain protections as described below under "To whom may we disclose PII?"
We also collect and maintain certain other information about your account. For example, this information may include:
- Your account number;
- Billing, payment, and deposit history;
- Additional service information;
- Customer correspondence and communications records;
- Maintenance and complaint information;
- The device identifiers and network addresses of equipment used with your account, including device model and OS version; and
- Additional information about the service options you have chosen
Some of our services permit you to establish secondary accounts, and if you do so we collect similar information to establish and service the secondary accounts. During the initial provisioning of our services, and during any subsequent changes or updates to our services, we may collect technical information about your computer hardware and software, telephones, other service-related devices, automation devices, and customization settings and preferences.
How do we collect information?
We collect CPNI and PII or other information from you in several ways. We may collect information directly from you, for example when you open an account with us or interact with our customer service representatives or the account representative assigned to your account. We may also collect information that you provide when interacting with us on our social media pages, message boards or other forums, including your username or comments as well as information you may publicly share about us.
We may also collect information when you use or interact with our Services such as voice commands and audio recordings made through voice activated devices, geolocation information, IP addresses, device identifiers, network equipment addresses when devices connect to the Services, and device and activity information including what you search and how long you use our Websites and applications.
Finally, we may obtain information from our partners that resell our services or from other third parties such as credit reporting agencies, government entity public records, social networks and online advertising agencies who may share information about the marketing and advertisements you may have seen or clicked on.
Do we use "cookies"?
How do we use PII and CPNI?
The Communications Act applies to CPNI related to our regulated phone services, and certain orders of the FCC apply the CPNI rules to our interconnected voice over Internet protocol communications ("VoIP") services.
The Communications Act authorizes us to use, disclose, or permit access to individually identifiable CPNI in our provision of:
- The telecommunications services from which this information is derived; or
- Services necessary to, or used in, the provision of these services, including the publishing of directories
The Communications Act prohibits us from using CPNI for any purposes other than those listed above except as permitted or required by law or with your approval.
We collect, maintain, and use PII and CPNI as permitted by the Communications Act and other applicable laws. We use this information primarily to conduct business activities related to providing you with our Services, and to help us detect theft of Service.
Generally speaking, we use PII in connection with:
- Billing and invoicing;
- Collection of fees and charges;
- Service delivery and customization;
- Maintenance and operations;
- Technical support;
- Hardware and software upgrades; and fraud prevention
More specifically, we also use PII to:
- Install, configure, operate, provide, support, and maintain our cloud services and other services;
- Confirm you are receiving the level(s) of service requested and are properly billed;
- Identify you when changes are made to your account or services;
- Make you aware of new products or services that may be of interest to you;
- Understand the use of, and identify improvements to, our services;
- Detect unauthorized reception, use, or abuse of our services;
- Determine whether there are violations of any applicable policies and terms of service;
- Manage the network supporting our services;
- Configure and update service-related devices; and
- Comply with law
We may also use, disclose, and permit access to CPNI obtained from our customers, either directly or indirectly, to:
- Initiate, render, bill, and collect for telecommunications services;
- Protect our rights and property, and protect our users of these services and other carriers from fraudulent, abusive, or unlawful use of, or subscription to, these services; and
- To provide call location information concerning the user of a commercial mobile phone service
We may not use CPNI to market products and services to you other than enhancements to services you already have without your approval in accordance with our policies described below.
We transmit, and may collect and store for a period of time, PII and non-PII about you when you use our phone services to:
- Send and receive email, video mail, and instant messages;
- Transfer and share files;
- Make files accessible;
- Visit websites;
- Place or receive calls;
- Leave and receive voicemail messages;
- Use the applicable communications center or voice center;
- Establish custom settings or preferences;
- Communicate with us for support; or
- Otherwise use the services and their features
How do we use PII and CPNI in connection with other types of information?
We associate activity data with particular phone devices, and other supported devices so that we know where to deliver the services and how to troubleshoot them. In general, we use de-identified and aggregate activity information to understand better how our customers use our products and services so that we can improve them, including by delivering more relevant content and advertising. We may try to determine how well our products and services deliver value to our customers. As discussed below, we may also combine activity data with other non-personally identifying demographic and similar information from our business records.
We may use this information to improve and communicate with you about our own products and services. When we do this, we do not share your PII, unless you provide your express consent.
III. Disclosure and Protection of PII
With whom do we share information?
We may share PII, CPNI or other information we collect with various entities, consistent with legal requirements, as applicable, regarding consent.
- The CoreNexa and CoreNexa Family of Businesses: We may share the personal information we collect about you with separate CoreNexa or CoreNexa companies for purposes of offering additional services consistent with legal requirements.
- Account Owners and Other Authorized Users: We may share information about a customer’s account and use of a Service to the primary account owner following appropriate authentication. The primary account owner may also allow others to see information on the account.
- Third Parties: We do not sell, and have never sold, information that identifies who you are to anyone. Sometimes, you may ask us to share information that personally identifies you with another company. In that instance, we will make sure you give us clear direction about what you want us to share and with whom, before we share that information.
- Service Providers: To provide and support the Services, sometimes we use other companies as service providers to transmit, collect, process, or store information for us. We require these service providers to treat the information we share with them as confidential and to use it only for providing their services to us. These include:
- Billing and collection providers, such as payment processors and organizations that assist us in assessing your credit and payment status;
- Professional services providers, such as firms that provide consultative services, assist with improving our programming, provide legal services, or supply project-based resources and assistance;
- Analytics services, including entities that analyze traffic to and on our websites, analyze how the Services are used, and assist with identifying and communicating with potential customers. Such entities include but are not limited to Google Analytics (to learn more about how Google collects and uses data, please visit “How Google uses Information from Sites or Apps that Use Our Service” located at https://policies.google.com/technologies/partner-sites);
- Marketing, advertising, and sales entities that assist us in creating and executing marketing and advertising programs, including printing, mailing, and electronic communications services;
- Security providers, such as entities that assist with security incident verification and response, service notifications, fraud prevention, identity management, and authentication;
- Information technology providers, such as entities that assist with website design, hosting, and maintenance, data and software storage, and network operations; and
- Customer service support, including services related to our call centers, installation, maintenance, and repair services
- Potential Purchasers of our Business: If we enter into a potential or actual merger, acquisition, or sale of all or a portion of our assets, then information about you and your subscription will, in most cases, be shared or transferred as part of the transaction. This includes information that personally identifies you.
We may disclose your name, telephone number or address in Caller ID, to public safety officials, or providers directory assistance.
We may disclose your name, telephone number(s) or address in connection with features and services such as Caller ID, 911/E911, and directory services as follows:
- We may transmit your name and/or telephone number to be displayed on a Caller ID device unless you have elected to block such information. Please note that Caller ID blocking may not prevent the display of your name and/or telephone number when you dial certain business or emergency numbers, 911, 900 numbers, or toll-free 800, 888, 877, 866 or 855 numbers.
- We may provide your name, address, and telephone number to public safety authorities and their vendors for inclusion in E911 databases and records, inclusion in "reverse 911" systems, or to troubleshoot 911/E911 record errors.
- We may also make subscriber names, addresses, and telephone numbers available, or cause such subscriber information to be made available, through directory assistance operators.
We may disclose your information to government agencies, to private parties consistent with legal process, or in response of traceback requests.
For subscribers to our communication and phone services, we may be required to disclose PII and individually identifiable CPNI to a private third party in response to a court order, and, if so, we are required to notify the subscriber of the court order. We may also be required to disclose PII and individually identifiable CPNI about subscribers to a government entity in response to a subpoena, court order, or search warrant, for example. We are usually prohibited from notifying the subscriber of any disclosure of PII to a government entity by the terms of the subpoena, court order, or search warrant.
The FCC has recently selected USTelecom as the single industry consortium to conduct traceback efforts to identify suspected sources of illegal robocalls. We may be asked by the consortium to identify the entities that originate or send us suspected illegal robocalls. We intend to cooperate with such requests by identifying to the consortium entities that send us the suspected illegal calls for which the consortium is seeking traceback information.
How do we protect PII?
We follow industry-standard practices to take such actions as are necessary to prevent unauthorized access to PII by a person other than the subscriber or us. However, we cannot guarantee that these practices will prevent every unauthorized attempt to access, use, or disclose PII.
How long do we maintain PII?
We maintain PII about you in our regular business records while you are a subscriber to our Services. We also maintain this information for a period of time after you are no longer a subscriber if the information is necessary for the purposes for which it was collected or to satisfy legal requirements. These purposes typically include business, legal, or tax purposes. If these purposes no longer apply, we will destroy, de-identify, or anonymize the information according to our internal policies and procedures.
IV. Customer Access, Rectification, Deletion, and Choice
How can I see my PII or CPNI and correct it, if necessary?
You may examine and correct, if necessary, the PII regarding you that is collected and maintained by us in our regular business records. In most cases, the PII contained in these records consists solely of billing and account information. We will correct our records if you make a reasonable showing that any of the PII we have collected about you is inaccurate. Please contact us at firstname.lastname@example.org for assistance.
You may also examine the records containing your PII at our office upon reasonable prior notice to us and during our regular business hours. If you wish to examine these records, please contact us by mail or telephone at 215-297-4400, giving us a reasonable period of time to locate and, if necessary, prepare the information for review, and to arrange an appointment. You will only be permitted to examine records that contain PII about your account and no other account.
If you make an affirmative, written request for a copy of your CPNI, we will disclose the relevant information we have to you at your account address of record, or to any person authorized by you, if we reasonably believe the request is valid. However, subscribers to our phone services should be aware that we generally do not provide them with records of any inbound or outbound calls or other records that we don’t furnish in the ordinary course of business (for example, as part of a bill) or which are available only from our archives, without valid legal process such as a court order. In addition, we cannot correct any errors in customer names, addresses, or telephone numbers appearing in, or omitted from, our or our vendors’ directory lists until the next available publication of those directory lists. Further, we may have no control over information appearing in the directory lists or directory assistance services of directory publishers or directory assistance providers that are not owned by us.
We reserve the right to charge you for the reasonable cost of retrieving and photocopying any documents that you request.
How can I request deletion of my information?
In certain circumstances, you have the right to request deletion of your PII or CPNI. To exercise such a request please contact us as explained below under “How do I contact CoreNexa?”.
How do I give or withhold my approval to use CPNI to market additional products and services to me?
From time to time we may use the CPNI information we have on file to provide you with information about our communications-related products and services or special promotions. Such use of CPNI may enhance our ability to offer products and services tailored to your specific needs. In addition, we also offer various other services that are not related to the services to which you subscribe. Under the CPNI rules, some of those services may be considered to be non-communications related products and services. Therefore, you may be asked during a telephone call with one of our representatives for your oral consent to use your CPNI for the purpose of providing you with an offer for communications related or non-communications related products and services. If you provide your oral consent for us to do so, we may use your CPNI only for the duration of that telephone call to offer you additional services.
If you deny or restrict your approval for us to use your CPNI, you will suffer no effect, now or in the future, on how we provide any services to which you subscribe. Any denial or restriction of your approval remains valid until your services are discontinued or you affirmatively revoke or limit such restriction or denial.
How do I place myself on your "do not call" and "do not mail" lists?
If you prefer to contact us in writing instead of by telephone, you may send a written request to the address listed below under "How do I contact CoreNexa?" Be sure to include your name and address, your account number, and a daytime telephone number where you can be reached in the event we have any questions about your request. The person who is identified in our billing records as the subscriber should sign the written request. If you have a joint account, a request by one party will apply to the entire account. If you have multiple accounts, your notice must separately identify each account covered by the request.
How do I manage e-mail communications that you may send to me?
We may send a welcome email and sometimes other information to new partners or subscribers to our services (including each new secondary account holder, where applicable). We may also send service-related announcements to our subscribers from time to time. For example, we may send you an email announcement about a pricing change, a change in operating policies, service maintenance, or new features of one or more of the services you receive from us. You may not opt-out of these service-related communications. If you fail to check your primary email address for service-related announcements, you may miss important information about our services, including legal notices, for example.
We reserve the right to send you promotional or commercial email as permitted by applicable law. For example, if you reside in the EU, we will only send you promotional or commercial email if you provide your express, opt-in consent. You can manage the promotional or commercial emails we may send to you by contacting us at https://www.corenexa.com/contact.
What can I do if I think my privacy rights have been violated?
If you believe that you have been aggrieved by any act of ours in violation of applicable laws, we encourage you to contact us directly as described below in "How do I contact CoreNexa?" to resolve your question or concern.
To the extent you believe we have not addressed your concerns or otherwise choose to do so, you have the right to lodge a complaint with a supervisory authority in the country where you reside and/or the United States. You may contact the US Federal Trade Commission regarding your concerns. For more information, please see https://www.ftc.gov/faq/consumer-protection/submit-consumer-complaint-ftc. If you reside in the European Union, you can also get more information by contacting the EU Data Protection Supervisor, please see https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en
How do I contact CoreNexa?
Mail: CoreNexa, LLC
Attn: Legal Department - Customer Privacy Notice
751 Arbor Way
Arbor Crest I, Suite 150
Blue Bell, PA 19422
V. Additional Special Provisions Based on Customer Location
California Privacy Rights.
Under the California Consumer Privacy Act (“CCPA”), California residents have certain rights regarding the personal information that businesses have about them. This includes the rights to request access or deletion of your personal information, as well as the right to direct a business to stop selling your personal information.
Right to Notice: You have the right to be properly notified of the following:
Right to Access Your Information: You have the right to request the following covering the 12 months preceding your request:
- The specific pieces of personal information we have collected about you
- The categories of personal information that we have collected about you
- The categories of sources from which we collected the personal information
- The purpose for collecting or selling the personal information
- The categories of personal information that we have disclosed about you, the purpose for disclosing such personal information and the categories of third parties with whom we disclosed such personal information
- The categories of personal information that we have sold about you, as well as the categories of third parties to whom we sold such personal information
If you would like to exercise your right to request access, please submit your request by calling us at (888) 471-1990 or by emailing us at email@example.com.
Right to Opt-Out of Sale: While we do not sell personal information in exchange for any monetary consideration, we do share personal information for other benefits that could be deemed a “sale,” as defined by the CCPA (Cal. Civ. Code 1798.140(t)(1)). We support the CCPA and wish to provide you with control over how your personal information is collected and shared. You have the right to direct us to not sell your personal information. If you would like to exercise your right to request opt-out of sale, please click “Do Not Sell My Personal Information” or submit an email to firstname.lastname@example.org.
Please note that we may still use aggregated and de-identified personal information that does not identify you or any individual; we may also retain information as needed to comply with legal obligations, enforce agreements, and resolve disputes.
Right to Deletion: You have the right to request that we delete any personal information about you that we have collected from you. Please note that there are exceptions where we do not have to fulfill a request to delete information, such as when the deletion of information would create problems with the completion of a transaction or compliance with a legal obligation. If you would like to exercise your right to request deletion, please submit your request by calling us at (888) 471-1990 or by emailing us at email@example.com.
Right to Non-Discrimination: We will not discriminate against you (e.g., through denying goods or services, or providing a different level or quality of goods or services) for exercising any of the rights afforded to you.
How to Exercise Your Rights: To exercise your rights described above, please submit a verifiable consumer request to us by calling us at (888) 471-1990 or by emailing us at firstname.lastname@example.org.
Verifiable Consumer Requests: Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may only make a verifiable consumer request for access to your personal information twice within a 12-month period. The verifiable consumer request must: 1) provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative of that person; and 2) describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it. We cannot respond to your request to exercise your access and/or deletion rights if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password-protected account sufficiently verified when the request relates to personal information associated with that specific account. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format: We attempt to respond to a verifiable consumer request within 45 days after we receive it. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing within 45 days after we receive your initial request. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period prior to the date we receive the verifiable consumer request. The response we provide will also provide the reasons we cannot comply with a request, if applicable. For access requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
California’s Shine the Light law: California residents with an established business relationship with us can request information once a year about sharing their personal information with third parties for the third parties’ direct marketing purposes. If you’d like to request more information under the California Shine the Light law, and if you are a California resident, you can contact us at email@example.com.