Global Relay requires users of its Services to provide contact and other information that can be used to identify or contact a specific individual, such as a name, address, telephone number or email address, including certain information regarding Customer's users.
Global Relay may also collect certain information from visitors to and customers of Global Relay's website, which may include name, address, phone number, Internet address, user IDs and passwords, billing and transaction information, credit card or other financial information and contact preferences. This information is logged to help diagnose technical problems, and to administer Global Relay's website and Services in order to constantly improve the quality of the Services. Global Relay may also track and analyze non-identifying and aggregate usage and volume statistical information from its visitors and Customers and provide such information to third parties.
In some cases Global Relay may ask for additional information, in order to provide technical support. Any such additional information would be of a technical nature and remain confidential. "Customer Data" means that Data stored by the Customer with Global Relay through use of the Services. Global Relay may access Customer Data and other information for technical processing purposes including: (a) the functionality of the Services; (b) the technical requirements of Global Relay's Systems; (c) the technical requirements of the Services; or (d) to conform to other, similar technical requirements. Global Relay may access the Customer's Account and Customer Data as necessary to identify or resolve technical problems or respond to complaints about the Services.
Global Relay also collects personal information of its employees in connection with human resources administration and functions. Global Relay employees can review their personal profile, compensation and job related data and to make changes to their personal information.
Global Relay maintains information about its Customers, including without limitation, User Account information, billing information, Services and support information, and frequency and use of Services. Global Relay may use this data for internal business purposes, or disclose Customer Data in aggregate form (i.e., not individually attributable to Customer) for marketing or other promotional purposes.
Global Relay may also share your personal information with third parties in responding to your requests for products or services or product evaluations. Global Relay will not sell, rent, trade or otherwise disclose individual Customer information to any third parties or outside companies for any reasons other than those specified below.
Global Relay may disclose Customer Data if Global Relay believes that such action is reasonably necessary: (a) to comply with the law; (b) to comply with legal process; (c) to enforce its agreements; (d) to respond to claims that the Customer uses the Services to support activities that violate the law or the rights of third parties; or (e) to exculpate Global Relay from charges of wrongdoing. However, Global Relay does not have a duty to make any such disclosures.
Neither Global Relay nor any party it contracts with will disclose Customer Data or Confidential Information to any other person unless such disclosure is required or authorized by law, or with prior written consent of the other party. In the event that a party is legally compelled, through whatever means, to provide access to Customer Data or Confidential Information, then the disclosing party will provide the other party with Notification of such an event as soon as it is reasonably practical to do so as to afford the opportunity to limit or prevent such disclosure. Notwithstanding the foregoing, should the Customer or the Reseller violate or cause or encourage a violation of the Acceptable Use Policy found at: http://www.globalrelay.com/policies/acceptable-use, Global Relay will actively assist and cooperate with law enforcement agencies and government authorities in collecting and tendering Confidential Information about the Reseller, the Customer and the Customer's Data, as applicable.
Where the Customer provides Global Relay with credit card information, the Customer may be assured that Global Relay endeavors to use secure technologies to protect such information against unauthorized disclosures. Credit card information may be shared with the credit card companies themselves and with other credit verification organizations. Global Relay also may make general information about the purchases available to third parties from time to time.
Use of Information
The use of your email address by Global Relay is necessary to keep you well informed of maintenance, support and usage issues, invoicing and accounting issues, escalated critical issues and problem resolutions that may arise with the Services. Global Relay may also use email addresses to provide its Users with informative newsletters and other information.
Global Relay likes to keep its Customers informed via email and other means. Sometimes Global Relay uses personal and demographic information to help it determine which Services are most likely to be of interest to the Customer or help diagnose problems with its Systems or administration of its websites. Global Relay also uses demographic information to gather general interest in its products, to help in the analysis of product usage, purchasing, and target markets.
Security of Data
The Internet is not an absolutely secure medium of communication and Global Relay cannot guarantee the security and privacy of the Customer Data sent over the Internet or stored on its Systems. The Company will use commercially reasonable efforts consistent with the standards of practice in the industry to prevent unauthorized access to and disclosure of the Customer Data exercising the same degree of care that a reasonable and careful Person would exercise with similar data. In order to assist in protecting the Customer Data, Global Relay has implemented the following polices and infrastructure:
Data Center Security
- mirrored East/West Coast SSAE16 SOC I Type II Certified Data Centers
- physically secured with 24x7x365 uniformed guard service
- secure biometric readers and electronic key access at Data Center entrances
- physical access to Data Centers limited solely to Global Relay employees whose duties require access
- closed circuit video surveillance cameras and alarm systems throughout Data Centers and building
- monitored from a secure control room accessible only to authorized Facility personnel
- all environmental control systems monitored and controlled locally and remotely monitored
- redundant facility HVAC cooling systems
- FM-200 Gas Fire Suppression systems linked to a pre-action sprinklers
- high sensitivity, early warning smoke detection systems
- redundant power utilizing uninterruptible power supplies (UPS)
- redundant 100mb connectivity
- highly secure, reliable and scaleable IT infrastructures engineered by Hewlett Packard
- mirrored active/active firewalls to ensure that in the event of a failure data will remain secure
- mirrored active/active load balancers to ensure high system availability
- continually upgraded SUN operating systems ensuring performance at the highest level
- highly restricted access to customer data and stringent internal access procedures/authorizations
- systems monitored 24/7 by dedicated professionals to protect against unauthorized intrusion
- two factor Virtual-Private-Network (VPN) provides secure, remote monitoring
- system alerts for unusual activities
- performance of regular security reviews and monitoring of security logs for anomalies
- messages are delivered to Global Relay Archive via secure connections with username and password authentication
- secure access is provided via username and password authentication over HTTPS and can be restricted to specific IP addresses and address ranges
- archived messages are encrypted end-to-end and are only decrypted when an authorized user conducts a search
- encryption of data at rest meets National Security Agency (NSA) standards by using AES encryption algorithms and secondary RSA encryption algorithms
- data in transit is encrypted via TLS
- data is preserved on tamperproof, non-rewriteable, non-erasable storage (including WORM drives as applicable)
- data is replicated between Global Relay’s two mirrored East/West Coast SSAE16/SOC I Type II certified data centers in near real time such that are always at least 4 copies of every message
- all user actions within Global Relay Archive are logged in an unalterable audit trail, which documents the full lifecycle of every message
- configuration changes and user access are documented in an Event Log
- access to Global Relay Archive can be immediately suspended in the event of a reasonable detection or perceived detection of suspicious activity or other security issues
- all employees are subject to backgrounds checks
- all employees must enter into confidentiality & non-disclosure agreements
- strict authorization protocols & logging for senior IT escalations for systems access on "as required" basis
- customer data is kept confidential in accordance with our Services Terms & Conditions and data protection laws
- no third party contractors or agents are used in messaging services
- due diligence by third party auditors are welcomed to validate Global Relay's safety and control measures
In addition, access to sensitive data is limited to those individuals and agents having a need to know.
Global Relay's website contains hypertext links to other sites as a convenience to users. Global Relay is not responsible for the privacy practices or contents of any information provided by outside sites through these links. Customers and visitors will need to check the policy statement of these other sites to understand their policies. Customers and visitors who access a linked site may be disclosing their private information. It is the responsibility of the Customer to keep such information private and confidential.
Access to and Accuracy of your Information
Global Relay will try to keep your personal information accurate. We will provide you with access to your information and the opportunity to change your information. To protect your privacy and security, we will also take reasonable steps to verify your identity, such as a password and user ID, before granting access to your data.
Questions or Comments
This document was last revised August 2013