Privacy Policy

Last updated: March 25, 2026

At Nisos, your privacy is important to us. This Privacy Policy (“Policy”) details the privacy practices of Nisos Holdings Inc. and its subsidiaries and affiliates (“Nisos”) as it relates to website visitors, information collected as a processor on behalf of our clients, and other information you voluntarily share with us. This Policy informs you about how we look after your personal data when you visit our website, nisos.com (“Website” or “Site”), use our services, or software. It contains information about the choices you can make about the way your personal data is collected by us, how it will be used and for what purposes, as well as your rights in relation to your information.

INFORMATION WE COLLECT AND HOW WE COLLECT IT
We collect personal data that you voluntarily provide to us, such as name, postal address, e-mail address, telephone number, place of business and any other information that could be used to personally identify you (collectively, “Personal Data”, “Data”, or “Personal Information”). You may voluntarily provide Personal Data when you fill in forms on our Website or reach out to us directly by sending us correspondence. We also collect information from our clients in order to perform our services and provide our software.

DATA PRIVACY FRAMEWORK NOTICE
Nisos complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce, with respect to personal data other than human resources data received in reliance on those frameworks. Nisos has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data other than human resources data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Nisos has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data other than human resources data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the applicable Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

The Federal Trade Commission has jurisdiction over Nisos Holdings Inc.’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

Under certain circumstances, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

WEBSITE VISITORS
When you visit our Website, we may also collect other information from you, to help us make our content relevant to you as well as technical information such as information regarding your internet connection, the hardware and software you use to access our Website, your IP address, page views, clicks, and other such information that does not personally identify you (collectively, “Technical Data”). We also use the information provided in order to market services and to better enhance and develop our site experience. We may also place first and third party cookies as described in our Cookie Policy.

We strongly believe in preserving your privacy and security, and we do our best to be as transparent as possible in explaining how we use your Personal Data when you use this website. Please contact us at privacy@nisos.com if you have any questions.

CLIENT DATA
We receive potentially non-public Personal Data from or on behalf of our clients in order to perform our services. Such information is often required for us to effectively provide our services to our clients, and may include names, addresses, birthdates, affiliations, and other information our clients may provide in order for us to perform our services (collectively, “Client Data”). We maintain reasonable and appropriate technical, administrative, and physical safeguards designed to protect personal data against unauthorized access, disclosure, alternation, and destruction, taking into account the nature of the data and the risks involved in processing it. We process, use, and share Client Data as instructed or permitted by the applicable client.

We may transmit client data over international borders as necessary for providing our services in accordance with our standard business practices and this Policy, but we will maintain reasonable security policies regardless of where Client Data is stored or processed.

We may also use your information to market, advertise, promote or otherwise contact you about our products and services. If you do not want us to use your information in this way, see ‘Your Data Collection Choices’ for instructions on how to opt out of these communications. We may use Technical Data, which does not identify you personally, to optimize our services and ensure that our website is performing as intended.

We only share Client Data with third parties, when instructed or permitted by the client. We may also share Client Data with other third party data processors who facilitate our provision of the services requested by the client and who are prohibited from using Client Data except for such purposes. We may share client information with contractors, service providers, and other third parties who support our business operations (e.g., payment processors, sales or support representatives, hosting providers, marketing partners, and other business consultants) who are bound by confidentiality obligations and use it only for the purposes for which we disclose it to them.

If we transfer personal data received under the Data Privacy Framework to a third party acting as an agent or service provider, we will do so only for limited and specified purposes. We will require the recipient to provide at least the same level of protection as required by the applicable Data Privacy Framework Principles, notify us if it can no longer meet that obligation, and stop and remediate unauthorized processing as appropriate. If we transfer personal data received under the Data Privacy Framework to a third party acting as an independent controller, we will do so consistent with the Notice and Choice Principles and pursuant to a contract requiring the recipient to provide the same level of protection required by the applicable Data Privacy Framework Principles. Nisos Holdings Inc. may remain liable under the Data Privacy Framework Principles if our agent processes such personal data in a manner inconsistent with those Principles, unless we prove we are not responsible for the event giving rise to the damage.

For purposes of the Data Privacy Framework, personal data that we process on behalf of clients in providing services, including data relating to a client’s current or former employees, contractors, or personnel, is treated by Nisos as client data processed in a business-to-business context, not as Nisos human resources data collected in the context of an employment relationship with Nisos.

Under applicable law and when legally required, we will share Client Data to comply with a court order, law, or legal process, including to respond to any government or regulatory request, to enforce or apply our website policies and other agreements, for billing and collection purposes, or if we believe disclosure is necessary or appropriate to protect our rights, property, or safety or that of our customers or others. In some situations that solely implicate Client Data and requests thereof, we will always endeavor to notify our client users to allow them to intervene, unless we are legally restricted from doing so.

If you are one of our clients’ personnel and you have any questions or concerns regarding your Personal Data or your privacy rights, or you would like to access or correct your Personal Data, please contact your employer.

SOFTWARE
We gather information regarding our client users and third parties when you log into our software. We collect the following information:

Personal Data: This category includes information that would allow us to identify you personally. This may include information you provide when engaging with our support or sales teams, information that you provide when using any interactive features on or through the software, information you provide when you report a problem to us, including information such as, contact information, such as names, addresses, e-mail addresses, user credentials, driver’s license information, social security number, passwords, and phone numbers, as well as any other information detailed in the applicable statement of work with the Client on whose behalf the end user accesses the software.

Other Information: This category refers to information that does not directly identify a specific individual. For instance, the software may track the total number of visitors to the software, the number of visitors to a particular page of the software, and/or other such technical information. This data may be used to diagnose problems with the software, gather demographic, geographic and other information that does not directly identify you to improve our services or marketing efforts, improve our services and product, and for similar purposes. We may also make Personal Data anonymous or aggregate such anonymous data so that it becomes Other Information.

We collect information through the software in the following ways:

Voluntarily Provided Information: Nisos may collect information, which may include Personally Identifiable Information, voluntarily provided to us by the user through the software. This information may be collected in coordination with a voluntary survey, information or service request, promotional contest, initiation of a support ticket or a request for assistance, uploaded to the Nisos software or by similar voluntary methods.
Passive Information Collection: Nisos may also collect information, which may include Personally Identifiable Information, automatically when you visit the software. This information may include “traffic” data or IP addresses (an IP address is a number automatically assigned to your computer in order to use the Internet), or other anonymous data. Information may be collected using technologies such as standard server logs, cookies, pixels, and clear GIFs or Web beacons.
When You Contact Us: Personally Identifiable Information may be gathered as a result of a ticket submission or messages sent through the software.
Third Party Information: Nisos may collect information, which may include Personally Identifiable Information, from third parties (such as third-party platform providers) and vendors and add it to the other information collected.

Information collected through the software is used for the following purposes:

To provide you with the services you request;
To respond to requests including service ticket requests;
To maintain account information;
To enhance software operations;
To enforce agreements, address security hazards, prevent fraud or illegal or improper activities;
For administrative purposes; and
For other legally permissible purposes

DATA RETENTION
Relevant information related to your use of the software and/or your business relationship with us is retained pursuant to applicable federal and state rules and regulations and so long as necessary including, but not limited to, the duration of time that you utilize our software, the duration of your relationship with Nisos as a Client, and a reasonable period after termination of any business relationship. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure of your data, the purposes for which we process your data and whether we can achieve those purposes through other means, and the applicable legal requirements.

THIRD PARTY DISCLOSURE
Nisos may share your information with third parties in the following situations:

Service Providers: We may share your information, including Personal Data, with third parties or affiliates to assist in our business operations (e.g., to process payments, store data, provide maintenance to the Nisos software, deliver information, and perform other similar functions), or to provide the services you have requested.
Business Transfers: We may share your information, including Personal Data, as part, of or in connection with, a merger, acquisition, assignment, or in any similar transaction, or to the extent as may be required by applicable law.

AUTOMATIC DATA COLLECTION
We may use cookies, web beacons, pixels, and similar technologies to automatically collect certain information about your online activities over time and across third-party websites or other online services.

The technologies we use for this automatic data collection may include:

Cookies. A cookie is a small file placed on the hard drive of your computer. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website. You may refuse to accept such cookies (also known as ‘browser cookies’) by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website.
Web Beacons. Our Website and our e-mails may contain small electronic files known as web beacons (also referred to as ‘clear gifs’, ‘pixel tags’, and ‘single-pixel gifs’) that permit us, for example, to count users who have visited those pages or opened an email and for other related Website statistics (for example, recording the popularity of certain Website content and verifying system and server integrity).

We use information collected by the technologies described above, to help us improve our Website and to deliver a better and more personalized service, including by enabling us to:

Estimate our audience size and usage patterns.
Store information about your preferences, allowing us to customize our Website to your specific business needs.
Speed up your searches.
Recognize you when you return to our Website.

Some content or applications on the Website are served by third-parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Website. The information they collect may be associated with your Data or your online activities over time and across different websites and other online services.

For information about how you can opt out of receiving targeted advertising from such providers, see Your Data Collection Choices.

YOUR DATA COLLECTION CHOICES
As the means by which you can refuse cookies through your web browser controls vary depending on your browser, we recommend that you consult your browser’s help menu for more information on these adjustments. The following are the choices, means and mechanisms we offer to you for controlling and limiting the use and the disclosure of your Data, additionally, the following mechanisms provide you with specific controls over your information:

Google Analytics. We use Google Analytics to optimize our website and the content we deliver there. Information about how Google Analytics uses data can be found at www.google.com/policies/privacy/partners/. To opt out of Google Analytics cookies, please follow these instructions to download the Opt-Out browser.
Hubspot. We also use Hubspot for certain marketing activities and website optimization. More information about how Hubspot uses data can be found at https://legal.hubspot.com/privacy-policy.

Where required by the Data Privacy Framework, we will offer you the opportunity to opt out before we disclose your personal data to a non-agent third party or use it for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized by you. Where required, we will obtain your affirmative express consent for such uses or disclosures involving sensitive personal data.

CHILDREN UNDER THE AGE OF 16
Our Website is not intended for children under 16 years of age. We do not knowingly collect Data from children under 16. If you are under 16, do not use or provide any information on this Website or on or through any of its features/register on the Website, make any purchases through the Website, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received data from a child under 16, we will promptly take commercially reasonable steps to delete that information.

If you believe we might have any information from or about a child under 16, please contact us at privacy@nisos.com.

YOUR PRIVACY RIGHTS
Depending on where you are located and how you interact with Nisos, you may have certain legal rights over the Personal Information we hold about you, subject to local privacy laws. These may include the right, depending on your jurisdiction, to:

Obtain access to your Personal Information that is being processed by us;
Correct inaccurate Personal Information;
Request the deletion of your Personal Information;
Opt out of the sale or sharing of Personal Information for targeted advertising;
Object to the processing of your Personal Information carried out on the basis of our legitimate interests where permitted by applicable law, and ask us to restrict the processing of your Personal Information;
Request the portability of your Personal Information in a structured, commonly used, and machine-readable format;
Withdraw your consent at any time, if we have collected and processed your Personal Information with your consent. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent;
Opt out of marketing communications sent by Nisos.

EXERCISING YOUR PRIVACY RIGHTS
To exercise your rights with respect to information covered by this Privacy Policy, please contact us using the contact details at the bottom of this Privacy Policy. You must provide the information requested so that Nisos can verify your identity. Nisos will take steps to verify your identity, including validating your name and the email you use when interacting with Nisos. You may also authorize another person or third party to submit a request to exercise your rights by providing written permission in conjunction with the submission of the requested information or by giving the third party your power of attorney.

We will acknowledge your request and provide a follow-up substantive response within a reasonable time period permitted by applicable law. In the event that Nisos needs an extension to fulfill a request, we will notify you. If we deny your request, we will provide reasons for that denial.

Nisos does not discriminate against you for exercising any of these rights afforded you by law. Nisos does not make any decisions based solely on automated processing that produces legal or similarly significant effects as part of the processing activities covered by this Privacy Policy.

Nisos acts as a controller ONLY for personal data that we collect directly, such as website, marketing, and certain software account data. Nisos acts as a processor or service provider for client data we process on behalf of our clients. If your Personal Information has been supplied to us by or on behalf of a Nisos Client and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable client directly.

For information about how Nisos handles personal data relating to job applicants in the context of Nisos’s own employment-related activities, please review the separate EU/EEA/UK privacy notice related to prospective employees. This Privacy Policy and the Data Privacy Framework statements above apply to non-HR data only.

DISPUTE RESOLUTION
If a privacy complaint or dispute relating to Personal Data received by Nisos in reliance on the Data Privacy Framework (or any of its predecessors) cannot be resolved through our internal processes, we have agreed to participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure. Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/

If a complaint or dispute cannot be resolved through our internal process, we have also agreed to cooperate with the EU and UK data protection authorities and the Swiss Federal Data Protection and Information Commissioner and to participate in the dispute resolution procedures of the panel established by such data protection authorities.

BINDING ARBITRATION
If your dispute or complaint related to your Personal Data that we received in reliance on the Data Privacy Framework cannot be resolved by us, nor through the dispute resolution mechanism mentioned above, you may have the right to require that we enter into binding arbitration with you under the Data Privacy Framework “Recourse, Enforcement and Liability” Principle and Annex I of the Data Privacy Framework.

DATA SECURITY
We have implemented at least industry standard measures designed to secure your Data from accidental loss and from unauthorized access, use, alteration, and disclosure. The safety and security of your information also depends on you. When using our software, you are responsible for keeping your username, password, and any other login credentials or user verification information confidential. You may not share this information with anyone. Unfortunately, the transmission of information via the internet is not completely secure, so we cannot guarantee the security of your Data transmitted to our Website. Any transmission of Personal Data is at your own risk.

We are not responsible for circumvention of any privacy settings or security measures contained on the Website. In order to protect you, your Data and that of our other users, we may suspend your access to the Website without notice, pending an investigation, if any breach of security is suspected.

CHANGES TO OUR PRIVACY POLICY
For any changes we make to this Policy, including making material changes to how we treat our users’ Personal Data, we will post an updated policy on this page and revise the Last Updated date above.

Nisos Holdings Inc. Email: privacy@nisos.com

Previous Privacy Policy To access our Privacy Policy effective April 1, 2025, [click here]