Privacy Policy - NextProcess

NP Privacy Policy

Effective as of July 16, 2025

NextProcess LP (“NP”) considers user privacy paramount, and utilizes great care in keeping the information of website visitors, customers and end users (also collectively referred to as “you” and “your”) private and secure. Additionally, NP knows that you care how information about you is used and shared, and we appreciate your trust that we will do so carefully and sensibly. To demonstrate our firm commitment to privacy, the following provisions have been created to explain and describe our privacy policies and procedures in relation to all data collected (the “Privacy Policy”). By visiting NP’s website www.nextprocess.com, using the NP software, and/or providing information to NP, you are accepting the practices described in this Privacy Policy.

NP is committed to protecting the privacy of website visitors, customers and end users, while providing you with software design and development, software as a service (SaaS) featuring software for business process improvement, software as a service (SaaS) featuring software platforms for accounts payable automation, capital project management, purchase orders, expense reports, document management, payment solutions, and consulting services, all in the fields of procurement, accounting, and cloud technology (the “Software”). This Privacy Policy addresses the privacy practices of NP. This Privacy Policy is applicable to all NP products and services available. This Privacy Policy states our standards for maintenance of data and we will make efforts to meet them. However, we do not guarantee these standards will be met as there may be factors beyond our control that may result in disclosure of data. As a consequence, we disclaim any warranties or representations relating to maintenance or non-disclosure of data.

If we intend to use or disclose members’ personal information in a manner materially different from that stated at the time of collection we will notify you by email.

NP’s Commitment to You

NP hereby commits to:

Not collect, maintain, use or share personal information beyond that needed for authorized purposes, or as authorized by you.
Not sell personal information.
Not use or disclose information collected (whether personal information or otherwise) for behavioral targeting of advertisements to you.
Not make material changes to service provider consumer privacy policies without first providing prominent notice to the account holder(s) and allowing them choices before data is used in any manner inconsistent with terms they were initially provided; and not make material changes to other policies or practices governing the use of personal information that are inconsistent with contractual requirements.
Not knowingly retain personal information beyond the time period required to support the authorized purposes, or as authorized by you.
Collect, use, share, and retain personal information only for purposes for which we were authorized by you.
Disclose clearly in contracts or privacy policies, including in a manner easy for you to understand, what types of personal information we collect, if any, and the purposes for which the information we maintain is used or shared with third parties.
Support access to and correction of personally identifiable information by you.
Maintain a comprehensive security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of personal information against risks – such as unauthorized access or use, or unintended or inappropriate disclosure – through the use of administrative, technological, and physical safeguards appropriate to the sensitivity of the information.
Require that our vendors with whom personal information is shared in order to deliver our services, if any, are obligated to implement these same commitments for the given personal information.
Allow a successor entity to maintain the personal information, in the case of our merger or acquisition by another entity, provided the successor entity is subject to these same commitments for the previously collected personal information.

What Definitions Apply to the Privacy Policy?

“Information” and “personal information” means personally identifiable information (“PII”) that, alone or in combination, is linked or linkable to a specific person that would allow a reasonable person, who does not have personal knowledge of the relevant circumstances, to identify the person with reasonable certainty.

How Are Accounts Created?

We will ask you to create an NP account to access certain portions of our Software. When you create an account, we will ask for your consent to collect certain types of personal information. Please note that any consent will be entirely voluntary. However, if you do not grant the requested consent to the processing of your personal information, the use of the NP Software may not be possible.

When the primary account belongs to an organization, accounts will be populated in coordination with that organization. Representatives will then be provided login information in a manner specific to that organization and in accordance with organization policy, which may in some cases be through an organization-wide “single sign-on” or by communicating an initial login and password to the representative.

What Information Does NP Collect About Users?

The information that we collect from logged-in users includes information that you voluntarily provide to us when you sign up for an account and information that is automatically collected when you are logged into the NP platform.

In every case we also log certain detailed technical information about all users’ interactions with our Software that could be linked with users. This includes the IP addresses that we get when users connect to our Software, information that is sent by web browsers automatically when they connect to our Software (such as the type of web browser, the operating system used and the time zone set on the user’s computer), the timing and frequency of how users interact with different content and different components of our Software.

How We Automatically Collect Information

We use the following methods and tools to collect and track the automatically collected information described above.

We set cookies so that we are able to recognize when someone is connecting to our Software who is currently logged in or who has visited before. A cookie is a data file sent to a browser from a web server and stored on the user’s computer’s hard drive that allows us to recognize that browser when the user returns to our Software. To learn more about browser cookies, including how to manage or delete them, look in the Tools, Help or similar section of your browser.

Additionally, our video player may store local shared objects, also known as Flash cookies, on users’ computers. Local shared objects cannot be managed in the same way as browser cookies. For information on managing Flash cookies, visit

We (or our third party service providers) may place a tiny image, also known as a pixel tag, in the emails we send, to tell us when you have opened the email. Our team uses this information to improve emails we send to you, and best tailor them to the needs of our organizational clients.

Like most online services, when you use the Software, we automatically collect and store details of how you used our service, such as your activity on the Software, and the frequency and duration of your usage.

By using our Software you agree to our use of these information collection technologies.

You can disable or delete cookies. However, because cookies allow you to take advantage of some of NP’s essential features, we recommend that you leave them turned on. If you disable or delete cookies, you may not be able to utilize all of NP’s features and functionality.

Anonymized Data

We frequently aggregate information in a way that makes it impracticable to use that data to identify a particular person; we also sometimes maintain individual data records with personal identifiers removed, and maintain in a manner in which it is impracticable to relink it to any particular individual. In this Privacy Policy, we refer to such data as “Anonymized Data” and do not consider it to be personal information.

What Information Can Other Users See?

When the primary account belongs to an organization, the account administrator designated by the organization can access all information we collect about users that we make available through our web-based user interface. Organizational administrators can delegate the right to view information in accordance with organization policy.

Primary account holders who register as individual users can access all information available through our user interface relating to such user’s interactions with the Software. They cannot see information that we collect in connection with any other user’s interactions with the Software.

What Does NP Do With Personal Information?

We will not share personal information we collect in any way not described by this Privacy Policy. Except as noted below, we do not share, and have not shared in the preceding twelve (12) months, any personal information with third parties for advertising, marketing or other business purposes. There is no third party advertising on NP’s platform or within NP Software. We do not amass profiles except in the furtherance of client purposes.

We do not ask or require users to provide information beyond that which is reasonably necessary to use the Software. We do not share any login information with any third party and we do not automatically collect personal information from accounts. Information collected from users is never used or disclosed for any third party advertising or any kind of behaviorally targeted advertising. We do collect website usage information through third party analytics services and Anonymized Data to help us improve our experiences for users, but such information does not contain personal information.

We use personal information and any other information collected through the website for the following reasons:

to administer our website and access to our Software;
to improve the quality and types of services that we deliver;
to analyze Software usage and the popularity and performance of our Software products;
to communicate with organizations by responding to your requests, comments and questions;
to obtain consent from you and appropriate organizations so that an account may be created;
to diagnose technical problems;
to send users emails regarding service, technical and other administrative matters. These communications may also include information regarding changes in services, new service offerings and important service-related notices, such as security and fraud notices. Such communications will only be delivered to primary account holders;
to send users alerts to notify them about pertinent activity on the Software, such as messages from colleagues or upcoming deadlines (“Notification Alerts”). These Notification Alerts may be sent to all users of the Software;
to provide useful analyses to users and primary account owners;
for billing, account management and other administrative matters; or
as required by applicable law or regulation.

We use this information to help us to diagnose technical problems, administer the Software and improve the quality and types of services that we deliver. We may also collect, track and analyze information in aggregate form that does not personally identify users.

How We Share Information

We may use third party service providers to provide a variety of services, such as assisting us with providing customer support, hosting the Software, providing us with analytics about how people use our Software, assisting us with marketing the Software, sending and tracking responses to email, providing a framework for the delivery of assessment questions and helping us identify and track bugs and errors in the Software. All of our service providers have agreed to confidentiality and data security provisions consistent with this Privacy Policy. Third parties we work with are contractually prohibited from using any personal information for any purpose other than providing the services we request from them.

When an organization is the primary account holder, we share information with third parties at the direction of the organization, and it is the organization’s responsibility to make such requests in a manner that is consistent with their internal policies and the law. We may also share information that we collect in the following circumstances:

if we believe in good faith that it is necessary to disclose the information under any applicable law or regulation (for example, in response to a court order or a subpoena);
if we believe in good faith that it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person;
to investigate and act upon violations of the law or of our terms of use;
when any user logs into the Software with a third party account (such as a Google or other account), that third party will learn that that user has visited the NP platform, and that information will be subject to that third party’s privacy policy and practices;
with third party products specifically configured by organizational clients to interoperate with the Software;
if the information is Anonymized Data;
with our corporate affiliates and/or subsidiaries; or
in other circumstances in which you expressly consent.

We will not sell user information except in connection with the sale of NP’s assets or a merger of NP with another company, and then only on the condition that such information will continue to be covered by the then-applicable Privacy Policy. If there are changes to this Privacy Policy in the future, organizations may agree to those changes or choose to stop using the Software and we will delete their information and the information about their representatives.

We may also obtain information, including personal information, from certain third parties (such as Google). Any personal information received from these third parties will be handled in accordance with this Privacy Policy. We sometimes combine information we receive from third parties with the personal information we collect through the Software. Any such combined information will be treated as personal information in accordance with this Privacy Policy.

Please also note that our service providers may be able to combine the data we share with them with the data they collect on their own. For example, if we share information with Google, Google may combine such information with the data they have already collected about you through their website. We are not responsible for such combinations of data and we encourage you to learn about their privacy and security policies before you use this Software or provide our service providers with your personal information.

Third Party Websites

Our Software may include some links to other sites. We are not responsible for the data collection practices on those other sites. We advise you to carefully review those sites’ privacy policies before submitting personal information there.

Our Security Practices

We strive to protect the confidentiality, security and integrity of the personal information we collect from you. We have put in place physical, electronic and administrative procedures to safeguard and to help prevent unauthorized access to and maintain the security of personally identifiable information collected through this Software.

Primary accounts are protected by passwords. Please keep these passwords secret to prevent unauthorized access to these accounts. If you think someone has gained unauthorized access to an account, please contact us immediately at info@nextprocess.com or 866-379-NEXT (6398).

We take reasonable, industry standard measures to protect the confidentiality, security and integrity of personal information collected by our Software. This includes the use of encryption, firewalls and other security technologies to prevent access to the data from unauthorized parties. All connections between users and our Software are secured via encryption communication technology (SSL/TLS). All passwords are salted and hashed using the practices recommended by NIST (National Institute of Standards and Technology). We use highly rated application hosting providers who agree to perform frequent diagnostics, operating system updates, and network security monitoring. Our engineering team is committed to creating and maintaining systems to protect personal information.

Only employees who need to access user information in order to perform their job (for example, customer service) are granted access to information.

While we have taken all steps to protect the personal information we collect, and we work to keep our systems in line with industry standards, no system is 100% fail proof and secure. If we discover that the security of personal information has been compromised, we will notify you or the organization that established an account with us no more than thirty (30) days after the discovery of such compromise. We will conduct an investigation to determine the scope of the breach or restore the integrity of our system. You consent to our use of email as a means of such notification.

Your Choices Related to Your Privacy

In order to process your information, we rely on your consent or our legitimate interests to process your data. You may withdraw your consent or object to the use of our information at any time, but you may no longer be able to access NP’s platform or the Software.

If you have a NP account, you can edit your information in the account section of the Software. If you are unable to do this through our Software, you can contact us at info@nextprocess.com or 866-379-NEXT (6398) and we’ll help you make changes. We may ask you to verify your identity before we provide you with access to your information.

You have the right to opt out of emails from us by clicking unsubscribe. You may still receive transactional emails from us related to forgotten passwords, account expiration, or other necessary communication.

How You Can Delete or Edit Information or an Account

When organizations create primary accounts and invite representatives to create accounts, they are acting on behalf of representatives to give NP permission to collect the information described in this Privacy Policy, and NP is acting as a service provider to the organization. For these types of primary account, all requests to review, delete or edit information must come from the organization, and users should make use of the organization’s policies with respect to reviewing, deleting or editing such information. When users are the primary account holders, they may delete or edit information through the NP user interface or by contacting NP at info@nextprocess.com or 866-379-NEXT (6398).

If an organization requests deletion of data under the control of the organization, we will promptly delete it, subject to any legal requirement to retain or transfer that data. Note that even following such deletion requests, we may store secure backups until they are deleted in accordance with our document retention policy. We may also preserve information as part of an investigation into violations of the law or our terms of use.

Please note that any information you share with others when using NP’s platform or the Software or content other users may have copied, is not a part of your account and may not be deleted when you delete your account. If we share your data with one of our service providers, we will use our best efforts to cause such third party to delete such data when you delete your account.

How We Retain and Delete Your Data

We will retain personal information collected in connection with an account only for as long as is necessary to provide the services to the account holder, as required by applicable laws or regulations or otherwise per the terms or a contract with an organizational client.

We may maintain Anonymized Data, including usage data, for analytics purposes.

Data Protection Officer; Data Protection Authority

NP has a “Data Protection Officer” who is responsible for matters relating to privacy and data protection. This Data Protection Officer can be reached at info@nextprocess.com.

You may direct questions to the Data Protection Officer. You also have the right to (i) restrict NP’s use of information that constitutes your personal data, which will cause you to lose access to NP’s platform and the Software, and (ii) lodge a complaint with your local data protection authority.

Identifying the Data Controller and Processor

We endeavor to be fully compliant with the General Data Protection Regulation (“GDPR”), effective as of May 25, 2018. NP operates in the United States and NP’s operations are subject to United States law. If you are located outside of the United States, please be aware that any information you provide to us may be transferred to and stored in the United States or other countries that may have data privacy laws that are less protective than the laws where you reside. Subject to the foregoing limitations, we may act, depending on the circumstances, as either or both a Controller and a Processor of personal data (as those terms are defined in the GDPR). We act as the Controller of information when we ask you to provide to create an account and information that we automatically collect when you use the Software. We act as the Processor of user-generated content and information provided to us by organizational clients.

Location of Data and Processing

The Software is owned and operated by NextProcess LP, located at 15601 Dallas Parkway, Suite 1075, Addison, Texas 75001. If you are located outside of the United States, please note that personal data will be processed in the cloud by our cloud service provider (currently Microsoft Azure), which offers sufficient guarantees to implement appropriate technical and organizational safeguards that meet the GDPR’s standards. We have a data processing agreement in place with our cloud service provider, ensuring compliance with the GDPR and, in the event of any unauthorized access to, or use of, personal data, the appropriate authorities will be notified. All information is transmitted to us by our cloud service provider, will be processed in the United States, and will be handled and protected under the terms of this Privacy Policy and applicable U.S. laws, which may not be as protective as the laws in your country. By using the Software, you agree to this.

Notice of Changes to This Policy

We may occasionally update this Privacy Policy. You can see when it was last updated by looking at the new effective date at the top of this page.

If we make any significant changes we’ll post them prominently on our website and notify you by other means as required by law. Your continued use of NP’s platform or the Software after a revision to the Privacy Policy indicates your acceptance and agreement to the then current or revised Privacy Policy. We recommend that you periodically review the Privacy Policy to make sure you understand and are up-to-date on how we’re keeping your information safe.

If you don’t agree with any future changes to the Privacy Policy, please contact us to terminate your account.

You may contact us at info@nextprocess.com or 866-379-NEXT (6398).

Special Considerations by State

Our Privacy Policy is consistent with our obligations pursuant to the state-specific policies and laws regarding the collection of personal data including, without limitation, Alabama’s Data Breach Notification Act of 2018 (Ala. Code §§ 8-318-1 to 8-38-12), Alaska’s Personal Information Protection Act (Alaska Stat. Ann. §§ 46.48.010 to 46.48.090), Arizona’s Data Breach Notification Statute (A.R.S. §§ 18-551 and 18-552), Arkansas’ Personal Information Protection Act (Ark. Code Ann. §§ 4-110-101 to 4-110-108) California’s Breach Notification Statute (Cal. Civ. Code §§ 1798.80, 1798.82), California’s Shine the Light Law (Cal. Civ. Code § 1798.83), Colorado’s Data Breach Notification Statute (Colo. Rev. Stat. Ann. § 6-1-716), Colorado’s Privacy Act (C.R.S. Title 6, Art. 1), Connecticut’s Data Breach Notification Statute (Conn. Gen. Stat. Ann. § 36a-701b), Connecticut’s Personal Data Privacy and Online Monitoring Act (CTDPA) (Conn. Gen. Stat. Ann. §§ 42-515 to 42-525), District of Columbia’s Data Breach Notification Statute (D.C. Code §§ 28-3851 to 28-3853), Delaware’s Data Breach Notification Statute (6 Del. C. §§ 12B-101 to 12B-104), Delaware’s Personal Data Privacy Act (H.B. 154), Florida’s Data Breach Notification Statute (§ 501.171), Florida’s Digital Bill of Rights (§§ 501.701 to 501.722), Florida’s S.B. 188 (1002.222 Fla. Stat.), Georgia’s Data Breach Notification Statute (O.C.G.A §§ 10-1-911 and 10-1-912), Hawaii’s Data Breach Notification Statute (HRS §§ 487N-1 to 497N-4), Idaho’s Data Breach Notification Statute (Idaho Code §§ 28-51-104 to 28-51-107), Indiana’s Consumer Data Protection Act (S.B. 5), Indiana’s Data Breach Notification Statute (Ind. Code §§ 24-4.9-1-1 to 24-4.9-5-1), Illinois’ Personal Information Protection Act (815 ILCS 530/1-530/50), Iowa’s Consumer Data Protection Act (S.F. 262), Iowa’s Data Breach Notification Statute (Iowa Code Ann. §§ 715C.1 and 715C.2), Kansas’ Data Breach Notification Statute (K.S.A. §§ 50-7a1 and 50-7a02), Kentucky’s Consumer Data Protection Act (H.B. 15), Kentucky’s law relating to prohibited uses of PISI by cloud computing service providers (KRS 365.734), Louisiana’s Database Security Base Notification Law (La. R.S. 51:3071 to 51:3077), Maine’s Notice of Risk to Personal Data Act (10 M.R.S.A. §§ 1346 to 1349), Maryland’s Personal Information Protection Act (Md. Code Ann., Com. Law §§ 14-3501 to 14-3508), Massachusetts’ Data Breach Notification Statute (M.G.L.c. 93H, §§1 to 6), Minnesota’s Consumer Data Privacy Act (HF 4757), Minnesota’s Data Breach Notification Statute (Minn. Stat. Ann. § 325E.61), Mississippi’s Data Breach Notification Statute (Miss. Code Ann. § 75-24-29), Montana’s Consumer Data Privacy Act (S.B. 384), Montana’s Data Breach Notification Law (Mont. Code Ann. § 30-14-1704), Nebraska’s Data Privacy Act (LB 1074), Nebraska’s Financial Data Protection and Consumer Notification of Data Security Breach Act (Neb. Rev. St. §§ 87-802 to 87-808), Nevada’s Data Breach Notification Statute (NRS 603A.010 to 603A.040), New Hampshire’s Data Breach Notification Statute (N.H. RSA §§ 359-C:19 to 359-C:21), New Hampshire’s S.B. 255-FN, New Jersey’s Data Privacy Act (S.B. 332), New Mexico’s Data Breach Notification Act (NMSA 1978, §§ 57-12C-1 to 57-12C-12), New York’s Data Breach Notification Law (N.Y. Gen. Bus. Law § 899-aa), North Dakota’s Notice of Security Breach for Personal Information (N.D.C.C. §§ 51-30-01 to 51-30-07), Ohio’s Data Breach Notification Statute (R.C. 1349.19), Oklahoma’s Security Breach Notification Act (Okla. Stat. tit. 24, §§ 161 to 166), Oregon’s Consumer Privacy Act (S.B. 619), Pennsylvania’s Breach of Personal Information Notification Act (73 P.S. §§ 2301 to 2308), Rhode Island’s Data Transparency and Privacy Protection Act (H 7787 and S 2500), South Carolina’s Data Breach Notification Law (S.C. Code Ann. § 39-1-90), Tennessee’s Information Protection Act (H.B. 1181), Tennessee’s Data Accessibility, Transparency, and Accountability Act (T.C.A. §§ 49-1-701 to 49-1-708), Texas’ Data Privacy and Security Act (H.B. 4), Utah’s Protection of Personal Information Act (Utah Code §§ 13-44-101 to 13-44-301), Vermont’s Security Breach Notice Act (9 V.S.A. § 2435), Virginia’s Consumer Data Protection Act (VA Code §§ 59.1-57 to 59.1-585),Washington State’s Data Breach Notification Statute (RCW §§ 19.255.005 to 19.255.040) West Virginia’s Data Breach Notification Statute (W.Va. Code §§ 46A-2A-101 to 46A-2A-105), and Wisconsin’s Data Breach Notification Statute (Wis. Stat. § 134.98). If you are a California resident, California law may provide you with additional rights regarding our use of your personal information in addition to the named statutes above. Given the jurisdiction thresholds currently existing under the California Consumer Privacy Act (CCPA), NP does not believe it is subject to the CCPA. However, should factors change in the future that bring NP under the jurisdiction of the CCPA, you will be provided all rights under the CCPA. As state laws change, we will update our Privacy Policy accordingly. Once again, we recommend that you periodically review the Privacy Policy to make sure you understand and are up-to-date on how we’re keeping your information safe.

Special California Considerations

We adopt this notice to comply with the CCPA, which will apply if NP becomes subject to the CCPA. Any terms defined in the CCPA have the same meaning when used in this Policy.

As previously noted, NP collects information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include publicly available information from government records, de-identified or aggregated information, or information excluded from CCPA’s scope.

In particular, NP has collected the following categories of personal information from users within the last twelve (12) months:

Category	Examples	Collected
A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.	YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)	A name, signature, address, telephone number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information.	YES
C. Protected classification characteristics under California or federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	NO
D. Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	YES
E. Biometric information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	NO
F. Internet or other similar network activity.	Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.	YES
G. Geolocation data.	Physical location or movements.	YES
H. Sensory data.	Audio, electronic, visual, thermal, olfactory, or similar information.	NO
I. Professional or employment-related information.	Current or past job history or performance evaluations.	NO
J. Inferences drawn from other personal information.	Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	YES
K. *Sensitive Personal Information	Government identifiers, such as your Social Security number (SSN), driver’s license, state identification card, or passport number; complete account access credentials, such as usernames, account logins, account numbers, or card numbers combined with required access/security code or password; precise geolocation, such as physical store visits or physical locations when visiting websites or using mobile apps.	YES

*Sensitive personal information is a subtype of personal information consisting of the specific information categories listed in the chart above. Importantly, the CCPA only treats this information as sensitive personal information when we collect or use it to infer characteristics about a consumer.

Such categories of personal information listed above may have been obtained directly from you, indirectly from you, or from third parties. However, as noted above, NP does not collect, maintain, use or share personal information beyond that needed for authorized purposes, or as authorized by the website visitor, customer, or end user, as the case may be. NP does not sell, and has not sold for the preceding twelve (12) months, personal information.

Your Rights and Choices under the CCPA

Right to Know and Data Portability

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months (the “right to know”). Once we receive your request and confirm your identity we will disclose to you:

The categories of personal information we collected about you;
The categories of sources for the personal information we collected about you;
Our business or commercial purpose for collecting or selling that personal information;
The categories of third parties with whom we share that personal information
If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
The specific pieces of personal information we collected about you (also called a data portability request).

Right to Delete

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
Comply with a legal obligation.
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

We will delete or de-identify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.

Right to Correct

You also have the right to request correction of personal information we maintain about you that you believe is inaccurate (the “right to correct”). We may require you to provide documentation, if needed, to confirm your identity and support your claim that the information is inaccurate. Unless an exception applies, we will correct personal information that our review determines is inaccurate and notify our service provider(s) to take appropriate action.

Right to Limit Sensitive Personal Information Use and Disclosure

You have the right to limit the use and disclosure of your sensitive personal information to the use which is necessary to:

Perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services;
To perform the following services:
- Helping to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for these purposes;
- Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer’s current interaction with the business, if the consumer’s personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the business;
- Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business; and
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business; and
- As authorized by further regulations.

You have a right to know if your sensitive personal information may be used, or disclosed to a service provider or contractor, for additional, specified purposes.

You may exercise your Rights to Know, Delete, Correct, or Limit Sensitive Personal Information as discussed in this Privacy Policy.

Personal Information Sales Opt-Out and Opt-In Rights

Because we do not sell your personal information at any time, there are no applicable opt-in or opt-out options under the CCPA. If you are concerned, please reach out to NP and we will be happy to talk to you.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

Special Considerations by Country

Our Privacy Policy is consistent with our obligations pursuant to the country-specific policies and laws regarding the collection of personal data including, without limitation, the GDPR, Australia’s Federal Privacy Act 1988, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), India’s Digital Personal Data Protection Act 2023 (DPDPA), Mexico’s Federal Law on the Protection of Personal Data Held by Private Parties, and South Africa’s Protection of Personal Information Act 4 of 2013 (POPIA).

Special European Union/European Economic Area Considerations (GDPR)

We adopt this notice to comply with the GDPR, which will apply if NP becomes subject to the GDPR. Any terms defined in the GDPR have the same meaning when used in this Policy.

Individuals in certain countries, such as the European Economic Area (the “EEA”) and the European Union (the “EU”), have certain statutory rights under the GDPR in relation to their personal data. These rights include the rights set forth below. When making a request to exercise one of your rights, please provide us with enough information to confirm your identity. If your request does not include enough information for us to confirm your identity, we may not be able to process your request and, as such, we may request additional identifying information.

Your Rights and Choices under the GDPR

The Right to Be Informed

The GDPR requires us to ensure the fair and transparent collection and processing of your personal information. As such, you have the right to request to know or be notified about the collection and use of your personal information.

Right to Access

You have the right to be provided with a copy of your processed personal information (the “right to access”).

Right to Rectification

The GDPR requires us to ensure that your personal information is accurate, kept up to date, and erased or corrected without undue delay. As a result, you have the right to require us to correct any mistakes in your personal information.

Right to Be Forgotten

You have the right to require us to delete your personal information – in certain situations, including, but not limited to, cases in which your personal data is no longer necessary for the collection purpose, or if you withdrew your consent for our processing activities.

Right to Restriction of Processing

You have the right to require us to restrict processing of your personal information—in certain circumstances, for example, if you contest the accuracy of the data.

Right to Data Portability

You have the right to receive the personal information you provided to us, in a structured, commonly used, and machine-readable format and/or transmit that data to a third party. This right is distinct from your right to access.

Right to Object

You have the right to object: (i) at any time to your personal information being processes for direct marketing (including profiling) and (ii) in certain other situations to our continued processing of your personal information, for example, processing carried out for our legitimate interests.

Right Not to be Subject to Automated Individual Decision-Making

You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. However, this right does not apply when the automated decision is:

Necessary for entering into or performing a contract with you;
Authorized by EU or member state law applicable to us if the law requires suitable measures to safeguard your rights and freedoms and legitimate interests; or
Based on your explicit consent.

You may exercise these rights by following the steps explained in this Privacy Policy, which for holders of accounts means making such a request to the primary account holder. If you have any problems exercising your rights or if you have any additional questions about our use of your personal data or your rights under the GDPR, please contact us at info@nextprocess.com or 866-379-NEXT (6398) for additional information.

Contact Information

If you have any questions or comments about this notice, the ways in which NP collects and uses your information described in this Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law or the GDPR, please do not hesitate to contact us at:

Phone: 866-379-NEXT (6398)

Website: https://www.nextprocess.com/privacy-policy

Email: info@nextprocess.com

Address:

NextProcess LP

Attn: Privacy Officer

15601 Dallas Parkway, Suite 1075

Addison, Texas 75001

If you need to access this Privacy Policy in an alternative format due to having a disability, please contact info@nextprocess.com or 866-379-NEXT (6398).