PRIVACY NOTICE

Last Updated: October 30th, 2023

This notice (“Notice”) applies to FrontApp, Inc. and its relevant affiliates (“Front”,” “us,” “we,” or “our”). Front is a software-as-a-service company that builds and supports a customer communication hub that keeps teams focused on what technology can’t replace: ensuring every conversation strengthens the customer relationship. Front is the controller of personal data described in this Notice, unless otherwise specified. If you are located in the European Economic Area, Switzerland or the United Kingdom, please refer to Section 15 of this Notice for more information about which specific entity or entities act as a controller in relation to your personal data.

Our Services are intended for use by businesses. Where our Services are made available to you as an End User of Front through a Front Customer, that Customer is the data controller of your personal data and you should contact that Customer with questions or requests regarding your personal data. Front is not responsible for our Customers’ privacy or security practices which may be different from this Notice.

As used in this Notice, “personal data” means any information that relates to, describes, or could be used to identify an individual, directly or indirectly. As used in this Notice, the “Websites” means Front’s websites including without limitation www.front.com, www.frontapp.com, and any successor URLS, mobile or localized versions and related domains and subdomains. Capitalized terms not defined herein (such as Customer, Services, and other terms) have the meaning provided in our SaaS Services Agreement located here.

Applicability: This Notice applies to personal data that Front is the controller of, which may include: (i) data collected through the Websites, the Front mobile applications, our branded social media pages, and other websites which we operate (collectively, our “Digital Properties”); (ii) data collected in connection with digital communications, paper forms, in person interactions which may include marketing and outreach activities, like surveys, contests, promotions, sweepstakes, conferences, webinars, and events where we post a direct link to this Notice; (iii) Customer contact information; (iv) data collected about individuals who visit our offices or engage in commercial transactions with us; and (v) data collected through Front’s corporate activities.

This Notice does not apply to the following information:

• Personal data about Front employees and candidates, and certain contractors and agents acting in similar roles.

• Personal data that Front processes on behalf of our Customers.

Changes: We may update this Notice from time-to-time to reflect changes in legal, regulatory or operational requirements, our practices, and other factors. Please check this Notice periodically for updates. If any of the changes are unacceptable to you, you should cease interacting with us. When required under applicable law, we will notify you of any changes to this Notice by posting an update on our Website and updating the “Last Updated” date at the beginning of this Notice or in another appropriate manner.

Front collects information about you and how you interact with us in several ways, including:

• Information you provide to us directly. We collect the information you provide to us directly. This includes instances when you register and communicate with us directly through our Digital Properties, when you visit our offices, when you participate in our events, or when you participate in our marketing and outreach activities including surveys, contests, promotions, sweepstakes, conferences, webinars, and events.

• Information collected from your Employer, Coworkers, or Friends. We may collect and process personal data concerning representatives (e.g., employees) of our current, past and prospective customers, suppliers, investors and business partners from such companies or other employees of such companies. We may also receive your name, address, phone number, and company name from a friend as part of a referral.

• Information automatically collected or inferred from your interactions with us. We automatically collect technical information about your interactions with our Digital Properties (such as IP address, browsing preferences, and cart and purchase history). More information is available in Section 6 below (“Cookies and Tracking Technologies”), our Website Cookie Policy found here.

• Information from public sources. We may collect information from government entities from which public records are obtained and information you submit in public forums, including information made publicly available on social media networks.

• Information from other third parties. We receive information about you from other third parties, such as third party service and content providers, entities with whom we partner to sell or promote products and services, telephone and fax companies, authentication service providers, data brokers, and social media networks (including widgets related to such networks, such as the “Facebook Like” button). Your interactions with social media features are governed by the privacy statement of the companies that provide them.

We may combine information that we receive from the various sources described in this Notice, including third party sources and public sources, and use or disclose it for the purposes identified below.

The types of personal data that we collect include:

• Identifiers, such as your name, alias, postal address, unique personal identifier, online identifiers (such as various advertising identifiers), instant messaging ID, internet protocol (IP) address, email address, account or user name, phone number, social media identifiers (e.g., Twitter handle, Instagram name, etc.), or other similar identifiers.

• Customer records, such as customer contact name, email address, and credit card information. For example, if you sign-up for a free trial Account, you are not required to enter your credit card information unless and until you decide to continue with a paid subscription to our Services. As further described in Section 5, we may use third-party processors to process this information.

• Commercial information and preferences, including records of creditworthiness, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

• Internet or other electronic network activity and device information, such as your browsing history, search history, information about your device, operating system, cellular carrier, location, and other information regarding your interactions with our Digital Properties or products and services, emails, mobile application, or advertisements. Some of this information may be collected using cookies and other tracking technologies as described more in Section 6 and our Website Cookie Policy found here.

• Geolocation information, such as longitude and latitude from your IP address or mobile device location; city and state through a webform.

• Audio, electronic, visual, and other sensory information, such as video/photo or audio recordings of our premises (e.g., if you attend an event or visit our offices); recordings of your interactions with our sales, support, technical support engineers, and other supporting teams (e.g., for quality assurance, training, and analysis purposes in accordance with applicable laws); or customer support logs.

• Professional or employment-related information, such as your company or employer, company website, your job title and role, training and certification activity, company information, or business address.

• Inferences drawn from any of the information we collect to create a profile about you reflecting your preferences, characteristics, and behavior.

We may use each category of your information described above in the following ways:

• To enable interactions and provide our Services to you. We may use your personal data to create, maintain, customize, administer, and secure your Account; enable you to access and use the Websites and the Services; to enter, manage, and fulfill our contract with you or your company; provide, operate, maintain, improve and promote the Websites and Services; process and complete your contact and support requests and send you related information, including purchase confirmations and invoices; inform you of additional features and other Services offered by us; diagnose, repair and track service and quality issues; facilitate an order, download, expiration or termination; send you transactional messages, provide security alerts and updates, and communicate with you about our data practices; manage and promote conferences, webinars, and events registrations; manage and promote surveys, contests, promotions, and sweepstakes; personalize and improve our Digital Properties and your Services experience; deliver content information relevant to your interests; install and configure changes and updates to programs and technologies related to interactions with us; authenticate those who interact with us; and to respond to your requests, complaints, and inquiries.

• To fulfill a referral request. If you choose to use our referral service to tell a friend about our Services, we will use the name and email address that you provide us to contact your friend. You must only provide your friend’s name and email address if you have a reasonable belief they will not object to Front contacting them.

• For our own business purposes. We may use your personal data to evaluate or audit the usage and performance of programs and technologies related to interactions with us; evaluate and improve the quality of your interactions with us, our Services and Websites, and programs and technologies related to interactions with us; design new services; process and catalog your responses to surveys or questionnaires (e.g., customer satisfaction reviews); record phone calls and/or video meetings for quality assurance, training and analysis purposes in accordance with applicable laws (including obtaining consent or an opportunity to object if required by law); perform internal research for development and demonstration; conduct analysis and testing; credit and payment collection, accounting and other similar business functions; and maintain proper business records and other relevant records.

• For legal, safety, or security reasons. We may use your personal data to comply with legal requirements such as export controls and know-your-customer; establish, exercise or defend against legal claims that we may have against you or pursue together with you, whether in court proceedings or in an administrative or out-of-court procedure; protect the safety, security, and integrity of our property (such as our Digital Properties, Services, databases and other technology assets) and rights of those who interact with us or others; review compliance with applicable terms of use, investigate fraudulent transactions, unauthorized access to our Digital Properties and Services, content and conduct policy violations, and illegal activities (in compliance with legal obligations under applicable laws); and otherwise detect, prevent, and respond to security incidents or other malicious, deceptive, fraudulent, or illegal activity. These safety purposes may also involve collecting and processing special categories of personal data (i.e., health data), for office visits and events where necessary for reasons of public health interest or required by applicable law.

• For marketing. We may use your personal data to market our products or Services or those of third parties, such as our business partners. This may include sending you marketing communications, product recommendations, and other non-transactional communications (via email, phone, or other online and offline communications) about our Services or those of third parties, promotions, news, and events. We may use your personal data when you participate in marketing surveys, questionnaires, promotions, testimonials, online comments, product feedback, events, sweepstakes or other contests. We may audit aspects of our ad impressions. We may use your personal data for contextual ad customization. You can opt-out of marketing communications by clicking the unsubscribe link at the bottom of our marketing communications. If there is no unsubscribe link, you may reply to the communication directly stating that you no longer wish to receive marketing communications. For further information, please see Section 6 below (“Cookies and Tracking Technologies”) and our Website Cookie Policy found here.

• Corporate transactions. We may use your personal data in connection with corporate transactions, sales, mergers, acquisitions, reorganizations, bankruptcy, and other corporate events. For example, we may use your personal data to comply with requests of a prospective or an actual purchaser interested in our companies and other assets, or in relation to a prospective or actual purchase of companies or assets by us.

• Consent. We may use your personal data for any other purposes for which you provide consent.

• In a de-identified, anonymized, or aggregated format. Depending on the applicable law, when converted to a de-identified, anonymized, or aggregated format, data may no longer constitute personal data and we may use this information for any purpose not prohibited by law.

EEA individuals: Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context. We will collect personal data from you where we need the personal data in performance of a services agreement with you (to provide Services to you), where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent (which can be withdrawn at any time). In some cases, we may also have a legal obligation to collect personal data from you. For more information, please see Section 15 (“Supplemental Information for the EEA, Switzerland, and the UK”).

We may share your personal data with the categories of recipients described below:

• Affiliates and subsidiaries. We may share your personal data within our group of companies at the end of this Notice (known as the “Front Group”), which includes parents and our ultimate holding companies, affiliates, subsidiaries, business units and other companies that we acquire in the future after they are made part of the Front Group, who will use it for the purposes described in this Notice.

• Service providers. We may share your personal data with service providers working on our behalf, such as hosting service providers, IT providers, operating systems and platforms, internet service providers, data analytics companies, and marketing providers. We may also contract with companies to provide certain services, such as identity verification, email distribution, market research, and promotions management. We provide these companies with only the information they need to perform their services and work with them to ensure that your privacy is respected and protected. These companies are prohibited by contract from using this information for their own marketing purposes or from sharing this information with anyone other than with us, unless at our direction as part of providing the service or with your agreement.

• With third parties at your direction or that are necessary to complete transactions. We may disclose your personal data to entities that assist us in fulfilling your orders and requests, such as credit card processors and partners that may supply part of your order. We may also disclose your personal data to third parties that you may direct (such as if you choose to participate in events, offers or promotions that are jointly offered with third parties).

• Business partners. We may also provide your personal data to business partners for their own purposes, such as:

  • To event sponsors, in which case your information will be subject to the sponsors’ privacy statement(s). If required by applicable law, we will obtain your consent before sharing data with event sponsors.

  • To a Customer, such as when sharing information about End Users of a Customer’s account.

  • To channel partners (third-party organizations or individuals that market and sell products and services for us), for the purpose of enabling our channel partners to notify you about our Services. We require our channel partners to provide an opt-out option within their communications to you. By opting-out, you are opting out of receiving future communication from our channel partner.

  • To third-party networks and websites for marketing and advertising on third-party platforms and websites.

• Professional advisors. We may share your personal data with various professional advisors such as lawyers, accountants, and auditors.

  • For legal, security and safety purposes. We may share your personal data to respond to lawful requests by law enforcement or other government authority in accordance with our Law Enforcement Data Request Guideline. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person; to enforce or apply our SaaS Services Agreement, End User Conduct and Content Policy, and other agreements; and to protect our rights and our property or safety of our users or third parties; or to otherwise establish, exercise and defend against legal claims (including by sharing data with opposing or other related parties to the proceedings and their professional advisors); and as otherwise required by law.

  • In connection with a corporate transaction. If we sell/acquire some or all of our assets, merge or are acquired by another entity (including through a sale or in connection with a bankruptcy), or engage in other similar forms of corporate change, we will share your personal data with that entity.

  • The public. There may be opportunities for you to make public comments regarding us or our products. If you provide testimonials or provide feedback we may post your name along with with your consent. We may post anonymized testimonials and content feedback without your consent. Our Websites may offer publicly accessible blogs, community forums, comments sections, discussion forums, or other interactive features (“Interactive Areas”). You should be aware that any information you post in an Interactive Area might be read, collected, and used by others who access it.

• Consent. We may disclose your information to other third parties with your consent. We may also de-identity, anonymize, or aggregate personal data to share with third parties for any legally permitted purpose.

Cookies, Pixels, and Similar Tracking Technologies Used: We and our authorized partners also collect information via cookies, web beacons, pixels, tags, embedded scripts, session replay tools, SDKs, Local Storage such as HTML5 and Local Shared Objects (“LSOs,” also known as Flash cookies), or other data retrieval and tracking technologies (“Tracking Technologies”), such as your Internet Service Provider and IP address, device identifier, browser type, operating system, your device’s WiFi MAC address or Bluetooth MAC address, the date and time you access our Digital Properties, the pages you accessed while visiting our Digital Properties, and the Internet address from which you accessed our Digital Properties. Cookies are a type of technology that installs a small amount of information on a user’s computer or other device when they visit a website. Cookies permit a website to, for example, recognize future visits using that computer or device. Some cookies exist only during a single session and some are persistent over multiple sessions over time. We and our partners use these Tracking Technologies to ensure basic functionality of our Digital Properties; to remember user preferences (including your preferences regarding Tracking Technologies); maximize the performance of our Digital Properties and Services; provide you with offers that may be of interest to you; measure the effectiveness of our Digital Properties, marketing campaigns, and email communications; and to personalize online content. These Tracking Technologies may be used to track you over time and across devices, websites, and Services.

Additionally, we may employ, either directly or through third parties, tracking pixels. Tracking pixels are tiny, transparent graphics with a unique identifier, similar in function to cookies, and are used to provide analytical information concerning the user experience as well as to support custom marketing activities for users of our Digital Properties. In contrast to cookies, which are stored on a user’s computer hard drive, tracking pixels are embedded invisibly on web pages. Our Digital Properties may use tracking pixels to help us better manage content, such as by improving the user interface or improving our marketing programs or the marketing of our affiliates, business partners, and other third parties (including for interest-based advertising as described below). The Digital Properties may use information to create aggregate tracking information reports regarding user demographics, traffic patterns and purchases. We may also link tracking information with personal data.

Third-Party Companies: To provide you with a more relevant and interesting experience, we may work with third party companies to display ads or customize the content on our Digital Properties or through other communication channels. These companies may use Tracking Technologies as described in this Notice to gather information about you, which may include your precise location, your visits to the Digital Properties, and your visits elsewhere on the Internet. These companies also may use this information to provide you with more relevant advertising known as interest-based advertising, which may include sending you an ad on another online service after you have left our Digital Properties (i.e., retargeting).

Your Choices: You may choose whether to receive some interest-based advertising. If located in the European Economic Area, Switzerland or the United Kingdom, then essential cookies must always be used in order to provide the Services you have requested, However, you will be provided notice of our use of and subsequent processing of data collected through non-essential cookies (i.e. functional cookies, analytics cookies, targeting cookies and social media cookies) at the time when you first visit the Front website. If located in the European Economic Area, you may also more generally opt in to the use of cookies, by clicking here. The Digital Advertising Alliance (“DAA”) and Network Advertising Initiative (“NAI”) also provide mechanisms for you to opt out of interest-based advertising performed by participating members at http://www.aboutads.info/choices/ and optout.networkadvertising.org. You can also visit http://www.aboutads.info/appchoices for information on the DAA’s opt-out program specifically for mobile apps (including use of precise location for third party ads). Opting out of interest-based advertising will not opt you out of all advertising, but rather only interest-based advertising from us or our agents or representatives. Further, cookie-based opt-outs must be performed on each device and browser that you wish to have opted-out. For example, if you have opted out on your computer browser, that opt-out will not necessarily be effective on your mobile device. DAA/NAI browser based opt-outs will not function or may no longer be effective if your browsers are configured to reject cookies, if you subsequently erase your cookies, or if you use a different device or web browser. We are not responsible for the effectiveness of these or any other third-parties’ opt-out options or programs.

Do Not Track: Some browsers have incorporated Do Not Track (“DNT”) preferences. Most of these features, when turned on, send signals to the website you are visiting that you do not wish to have information about your online searching and browsing activities collected and used. As there is not yet a common agreement about how to interpret DNT signals, we do not honor DNT signals from website browsers at this time. However, you may refuse or delete cookies. If you refuse or delete cookies, some of our website functionality may be impaired or some of the advertising served to you may not be relevant for you anymore. If you change computers, devices, or browsers, or use multiple computers, devices, or browsers, and delete your cookies, you may need to repeat this process for each computer, device, or browser. Please refer to your browser’s Help instructions to learn more about how to manage cookies and the use of other Tracking Technologies. You can also find more information on managing cookies at All About Cookies – Manage Cookies.

For more information about the use of cookies on our Websites and how to manage your cookie settings, please read our Website Cookie Policy found here.

Section 6 does not apply to in-product cookies used within our Services. Our Product Cookie Policy can be found here.

We maintain reasonable security procedures and technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, disclosure, alteration, or use.

Where Front is the controller of personal data, your personal data will be generally retained as long as necessary to fulfill the purposes we have outlined in Section 4 of this Notice. This includes retaining your data to provide you with the Services requested and to interact with you; to enable your participation in an event; to maintain a business relationship with you/your company; to improve our business over time; to ensure ongoing legality, safety and security of our services and relationships or otherwise in accordance with our internal retention procedures.

Once you or your company has terminated the contractual relationship with us or otherwise ended your relationship with us, we may retain your personal data in our systems and records in order to: ensure adequate fulfillment of surviving provisions in terminated contracts, or for other legitimate business purposes, such as in order to evidence our business practices and contractual obligations, to provide you with information about our products and services, or to comply with the applicable legal, tax or accounting requirements. Likewise, we will retain your personal data during the applicable statute of limitation period for the establishment, exercise or defense of potential legal claims.

When we have no ongoing legitimate business need nor lawful legal ground to process your personal data, we will delete, anonymize, or aggregate it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible. If you would like to know more about retention periods applicable to your particular circumstance, you can contact us using details provided in Section 12 below.

We collect your information when you participate in a user research project, and we will only use the information for the project you are participating in and to reach out to you about future research opportunities. We will retain your information for as long as we have a legitimate purpose for doing so, and process your information in accordance with this Notice.

Our Websites and Services are not directed to children under the age of 16 and we do not knowingly collect online personal data directly from children. If you are a parent or guardian of a minor child and believe that the child has disclosed online personal data to us, please contact [email protected].

When interacting with us you may encounter links to external sites or other online services, including those embedded in third party advertisements. We do not control and are not responsible for the privacy and data collection policies for such third party sites and services. You should consult such third parties and their respective privacy notices for more information or if you have any questions about their practices.

The SaaS Services Agreement can be found here.

If you have questions or complaints regarding this Notice or about the Front Group’s privacy practices, please contact us by email at: [email protected] or at:

FrontApp, Inc.
Attn: Privacy Team
1455 Market Street, Floor 19
San Francisco, California 94103
United States

Laws in certain jurisdictions may provide individuals with rights relating to personal data, such as those listed below. We will honor these rights to the extent required by law.

• Access. You may have the right to obtain confirmation from us if personal data is being processed, and related information; and the right to obtain a copy of your personal data undergoing the processing.

• Rectification. You may have the right to request the rectification of inaccurate personal data and to have incomplete data completed.

• Objection. You may have the right to object to the processing of your personal data for compelling and legitimate reasons relating to your particular situation, except in cases where legal provisions expressly provide for that processing. You also have the right to object / opt-out to the processing of your personal data for direct marketing purposes by clicking the unsubscribe link at the bottom of the email marketing communication received or by emailing us at [email protected].

• Portability. You may have the right to receive your personal data that you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit it to other data controllers without hindrance. This right only exists if the processing is based on your consent or a contract and the processing is carried out by automated means.

• Restriction. You may have the right to request to restrict the processing of your personal data in certain cases.

• Erasure. You may request to erase your personal data if (i) it is no longer necessary for the purposes for which we have collected it, (ii) you have withdrawn your consent and no other legal ground for the processing exists, (iii) you objected and no overriding legitimate grounds for the processing exist, (iv) the processing is unlawful, or erasure is required to comply with a legal obligation.

• Right to lodge a complaint. You also may have the right to lodge a complaint with a supervisory authority in the country where you reside. The contact details for data supervisory authorities in the EEA, Switzerland, and the UK are available here

• Right to refuse or withdraw consent. In case we ask for your consent to processing, you are free to refuse to give consent and you can withdraw your consent at any time without any adverse negative consequences by contacting us using the contact information provided above. The lawfulness of any processing of your personal data that occurred prior to the withdrawal of your consent will not be affected.

• Automated decision-making. We hereby inform you that the types of automated decision-making referred to in Article 22(1) and (4) GDPR do not take place on our Websites or in our Services. Should this change, we will inform you about it and the fact that you have the right not to be subject to those types of decisions based solely on automated processing and to be given more information about why any such decision was made.

In order to exercise your rights (or other rights that may be available to you under your local data protection laws), please contact us by emailing us at [email protected]. We try to respond to all legitimate requests within one (1) month of receipt of the request or as otherwise required under applicable law. If the response will take us longer, we will notify you. If we have reasonable doubts concerning your identity, we may request you to provide us with additional information to verify your identity.

Pursuant to the California Consumer Privacy Act (“CCPA”), this section applies to certain personal data collected about California residents where Front acts as a “business” and supplements the rest of our Notice above. This section does not apply to the following information:

• Information about individuals who are not California residents;

• Information about our own employees, contractors, agents, and job applicants. Such information is subject to a separate privacy notice that we will make available to individuals;

• Information we collect from individuals with whom we engage in solely business-to-business communications and transactions, such as information about the employees of our business partners and customers; and

• Information that we process as a “service provider” to our business customers. In such cases, we follow the instructions of the business that engaged us when processing your personal data, and you should contact that business for more information about how your personal data is processed.

Sources of personal data: See Section 2 above.

Uses of personal data: The business and commercial purposes for which we collect personal information are detailed in Sections 4 and 6 above.

Disclosing personal data: Our data disclosure practices are detailed in the chart below and align with the information provided above in Section 3 (Types of Personal Data We Collect), Section 5 (To Whom We Disclose Your Personal Data), and Section 6 (Cookies and Tracking Technologies). We do not sell (as such term is defined under the CCPA) personal data, including personal data about individuals under the age of 16.

Your Rights:

Subject to legal limitations, certain California residents may exercise the following rights by emailing us at [email protected].

• Right to Know. You have the right to request information about the categories of personal data we have collected about you, the categories of sources from which we collected the personal data, the purposes for collecting the personal data, the categories of third parties to whom we have disclosed your personal data, and the purpose for which we disclosed your personal data (“Categories Report”). You may also request information about the specific pieces of personal data we have collected about you (“Specific Pieces Report”).

• Right to Delete. You have the right to request that we delete personal data that we have collected from you.

• Right to Opt Out. We do not sell personal information.

We will not discriminate against you, in any manner prohibited by applicable law, for exercising these rights.

Verification: In order to process requests, we will need to obtain information to locate you in our records or verify your identity depending on the nature of the request. In most cases, we will request information about you, which may include your name, email address, or other information. If you submit a request, we may also request a signed declaration, under penalty of perjury, that you are who you say you are. We may request alternative information under certain circumstances and/or use third parties to help verify your identity.

Authorized Agents: Authorized agents may exercise rights on behalf of California consumers, but we reserve the right to also verify the consumer’s identity directly as described above. Authorized agents must contact us by submitting a request emailing us at [email protected] and indicate that they are submitting the request as an agent. Agents must provide evidence of the agent’s identity, proof of registration with the California Secretary of State (if the agent is a business), and at least one of the following documents evidencing proof of the agent’s legal authority to act on the behalf of the individual consumer: (i) Power of Attorney that we can reasonably verify; or (ii) Signed permission by the Consumer.

Timing: We will respond to Requests to Delete and Requests to Know within forty-five (45) days, unless we need more time in which case we will notify you and may take up to ninety days total to respond to your request.

The following terms supplement the Notice with respect to our processing of European Economic Area (i.e., European Union Member States, Iceland, Liechtenstein and Norway), Swiss, and UK personal data. To the extent applicable, in the event of any conflict or inconsistency between the other parts of the Notice and the terms of this Section 15, Section 15 shall govern and prevail with regard to the processing of EEA, Swiss and UK personal data.

1. Data Controller: The Front entity with which you have a primary relationship with (such as the entity that concluded sales/services/supply contract with you; the entity that has provided you with marketing and promotional materials and communications; the primary entity in the region where you access our Website) is the controller of personal data collected from individuals within the scope of this Notice. In the majority of cases, this will be FrontApp, Inc., unless we specifically inform you otherwise. On some occasions, more than one Front entity may process your personal data as independent controllers. If you have any questions about controllership, please contact us (see Section 12 for contact information).

2. Legal bases for processing: We rely on the following legal grounds for the collection, processing, and use of your personal data:

   1. The processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract. This includes instances when we need to enable interactions between you and us and to provide our services to you; when we need to facilitate our business relationship with you or companies acting as our investors, suppliers and other business partners; and when we conclude and fulfill our part of the contract with our customers.

   2. The processing is necessary for compliance with a legal or statutory obligation to which we are subject. This includes instances when we are required by various business laws to carry out various compliance checks (such as export controls) related to our customers, investors, suppliers, and other business partners. It may also include various local tax and accountancy compliance obligations we have to comply with due to the operation of our business.

   3. The processing is necessary for the purposes of the legitimate interests pursued by us or by a third party. This includes instances where we process your personal data for our own internal business-improvement purposes, certain survey and questionnaires we may carry out, and our marketing activities (for example by sending you digital direct marketing related to similar products/services we have provided to you), unless consent is required under applicable laws. We may also provide some of the auxiliary support to our services based on our legitimate business interest to do so, even though we are not required to do so under our contracts, including through various digital communication and other tools we provide in the course of our business relationship with you.

   4. Where you provided us with your consent to the processing of your data for one or more specific purposes. This includes digital direct marketing communications where your consent is required by law or in other instances where we asked for your consent in order to collect and process your personal data (we will inform you at each such occasion).

   5. The processing is necessary for reasons of public interest in the area of public health. This may include our legitimate interests and legal obligations in the collection and processing of health data from office visitors or event attendees in the context of a pandemic or related health threatening scenarios in order to protect individuals against serious cross-border threats to health or ensuring high standards of quality and safety of health care;

   6. The processing is necessary for our legitimate interests in the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

3. International Transfers of Personal Data: Due to the global nature of our operations, some of the recipients mentioned in Section 5 of the Notice may be located in countries outside the EEA, Switzerland, or the UK, which do not provide an adequate level of data protection as defined by data protection laws in the EEA, Switzerland and the UK. Certain third countries have been officially recognized by the EEA, Swiss and UK authorities as providing an adequate level of protection and no further safeguards are necessary. The below outlines how we protect your personal data when transferring it outside those countries.
   1. Intra-group: Intra-group international transfers will be to countries where Front entities are located, in particular the United States of America. The transfer of your personal data outside the EEA, Switzerland and the UK to our group companies located in third countries which do not offer an adequate level of protection in comparison with the EEA, Swiss or UK privacy standards will be based on the following safeguards:
      • The UK Standard Contractual Clauses, as applicable. We may also utilize addendums and other data transfer agreements specific to certain countries.
        
   2. Third parties: Some of the third parties with whom we share personal data are also located outside the EEA, Switzerland or the UK in third countries, which do not provide an adequate level of data protection as defined by data protection laws in the EEA, Switzerland or the UK. Transfers to third parties located in such third countries take place using an acceptable data transfer mechanism, such as Front’s certification to the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework; the EU/UK Standard Contractual Clauses; approved Codes of Conduct and Certifications; on the basis of permissible statutory derogations; or other valid data transfer mechanisms issued by the EEA, Swiss or UK authorities. Please reach out to us using the Contact Info above, if you want to receive further information or, where available, a copy of the relevant data transfer mechanism.
      

FrontApp, Inc. has certified to the United States Department of Commerce that we adhere to the Data Privacy Framework Principles (“Principles”) of the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework, as further described in the Front Data Privacy Framework Certification Notice, which supplements this Privacy Notice with respect to personal data we process as a controller.

Canada: Personal data, as defined in the Personal Information Protection and Electronic Documents Act (“PIPEDA”) will be collected, stored, used and/or processed by the Front Group in accordance with the Front Group’s obligations under PIPEDA.

Nevada: We do not presently sell personal data. If you are a Nevada resident, you may nevertheless email us using the information above to exercise your right to opt-out of sale under Nevada Revised Statutes §603A et seq.

United Kingdom: Personal data collected, stored, used and/or processed by the Front Group, as described in this Privacy Notice, is collected, stored, used and/or processed in accordance with the Front Group’s obligations under the UK Data Protection Act 2018, as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019, as amended, superseded or replaced (“UK GDPR”).

Non-English translations of this Notice are provided for convenience only. In the event of any ambiguity or conflict between translations, the English version is authoritative and controls.

Front Group includes FrontApp, Inc. and Affiliates: FrontApp SARL (France) and FrontApp Ireland Limited (Ireland).