AXON CLOUD SERVICES PRIVACY NOTICE
Last Updated: October 21st, 2024
This Axon Cloud Services Privacy Notice (“Notice”) applies only to the information that Axon Enterprise, Inc. and its other legal entities (“Axon” “we”, “us”, “our”) collect from Customers and their users (collectively, “Customer” “you” and “your”) and provide to Axon in connection with Customer’s use of Axon Cloud Services (as defined below). Axon's marketing sites and other public websites are governed by the Axon Global Privacy Notice.
Unless otherwise provided in this Notice, this Notice is subject to the terms of the Master Services Purchasing Agreement, or other similar agreement, if any, between Axon and Customer (“Agreement”). A concept or principle covered in this Notice shall apply and be incorporated into all other provisions of the Agreement in which the concept or principle is also applicable, notwithstanding the absence of any specific cross-reference thereto. All capitalized terms referenced, but not defined, in this Notice shall have the meanings assigned to them in the Agreement.
By using Axon Cloud Services, Customer acknowledges that Customer has read and understands this Notice. Axon may occasionally update this Notice. When Axon posts changes, Axon will revise the "last updated" date at the top of this page. Customer’s continued use of Axon Cloud Services will signify Customer’s acknowledgement, and to the extent allowed by law agreement to and acceptance of any such changes.
Definitions
· “Axon Cloud Services” means Axon’s web services hosted on evidence.com including Axon Evidence and other related offerings, including, without limitation, interactions between Axon Cloud Services and Axon Products (as defined below).
· “Axon Products” means:
(1) Axon Cloud Services;
(2) devices sold by Axon (including, without limitation, conducted energy weapons, cameras, sensors, and docking systems) (collectively, “Axon Devices”);
(3) other software offered by Axon (including, without limitation, Axon Investigate, Axon Capture, Axon Evidence SYNC, Axon Device Manager, Axon View, Axon Interview, Axon Commander, Axon Uploader XT, and Axon View XL) (collectively, “Axon Client Applications”); and
(4) ancillary hardware, equipment, software, services, cloud-based services, documentation, and software maintenance releases and updates. Axon Products do not include any third-party applications, hardware, warranties, or the 'my.evidence.com' services.
“Customer Data” means:
(1) “Customer Content”, which means data uploaded into, ingested by, or created in Axon Cloud Services within Customer’s tenant, including, without limitation, media or multimedia uploaded into Axon Cloud Services by Customer (“Evidence”); and
(2) “Non-Content Data”, which means:
(a) “Customer Entity and User Data”, which means Personal Data and non-Personal Data regarding Customer’s Axon Cloud Services tenant configuration;
(b) “Customer Entity and User Service Interaction Data” which means data regarding Customer's interactions with Axon Cloud Services and Axon Client Applications;
(c) “Service Operations and Security Data”, which means data within service logs, metrics and events and vulnerability data, including, without limitation: (i) application, host, and infrastructure logs; (ii) Axon Device and Axon Client Application logs; (iii) service metrics and events logs; and (iv) web transaction logs;
(d) “Account Data”, which means information provided to Axon during sign-up, purchase, or administration of Axon Cloud Services, including, without limitation, the name, address, phone number, and email address Customer provides, as well as aggregated usage information related to Customer’s account and administrative data associated with the account; and
(e) “Support Data”, which means the information Axon collects when Customer contacts or engages Axon for support, including, without limitation, information about hardware, software, and other details gathered related to the support incident, such as contact or authentication information, chat session personalization, information about the condition of the machine and the application when the fault occurred and during diagnostics, system and registry data about software installations and hardware configurations, and error-tracking files.
· “Data Controller” means the natural or legal person, public authority, or any other body which alone or jointly with others determines the purposes and means of the processing of Personal Data (as defined below).
· “Data Processor” means a natural or legal person, public authority or any other body which processes Personal Data on behalf of the Data Controller.
· “Personal Data” means information about or relating to an individual, whether recorded or not, whether or not true or factual, which can be used to uniquely identify the individual either on its own or by reference to an identifier such as an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
· “Sensitive Personal Data” means any information related to genetic, biometric and health data, as well as personal data revealing racial and ethnic origin, political opinions, religious or ideological convictions or trade union membership. Specific information types connected to an individual where misuse could negatively impact fundamental rights and freedoms of the data subject. This includes financial data of an individual, racial, genetic, health or lifestyle data.
· “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as
· collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
· “Sub-processor” means any third party engaged by the Data Processor to assist in data processing activities that the Data Processor is carrying out on behalf of the Data Controller.
Axon's Role
Data Processor
Axon is a Data Processor of Customer Content and Axon obtains no rights to Customer Content. The Customer is a Data Controller and controls and owns all right, title, and interest in and to Customer Content. Axon only processes Customer Content on behalf of the Customer in accordance with the Agreement and the Data Processing Agreement entered into between the parties.
Data Controller
Axon is a Data Controller for Non-Content Data. In regard to Customer Entity & User Data, Axon is a Data Controller and Customer is an independent Data Controller, not a joint Data Controller.
Axon processes Non-Content Data to provide Axon Cloud Services and to support the overall delivery and improvement of Axon Products including business, operational, and security purposes. Axon may analyze and report anonymized and aggregated Non-Content Data to communicate with external and internal stakeholders.
Data Collection Purposes and Processing Activities
Customer Content
Axon will only process Customer Content to provide Customer Axon Cloud Services including, without limitation, user authentication and authorization functionality, and to enable the functionalities according to the configuration selected by the Customer. Axon only processes Customer Content on behalf of the Customer in accordance with the Agreement and the Data Processing Agreement entered into between the parties. Axon will not use Customer Content for any advertising or other commercial purposes.
Axon periodically upgrades or changes Axon Cloud Services to provide customers with new features and enhancements in alignment with the Axon Evidence Maintenance Schedule. Axon communicates such upgrades or changes to customers one week prior to release via mechanisms outlined in the Maintenance Schedule.
Non-Content Data
Axon processes Non-Content Data to provide Axon Cloud Services and to support the overall delivery of Axon Products including business, operational, and security purposes.
Non-Content Data includes the following:
Customer Entity and User Data
Axon uses Customer Entity and User Data to: (1) provide Axon Cloud Services, including, without limitation, user authentication and authorization functionality; (2) improve the quality of Axon Products or provide enhanced functionality and features; (3) contact Customer to provide information about its account, tenant, subscriptions, billing, and updates to Axon Cloud Services, including, without limitation, information about new features, security and other technical issues; and (4) market our products or services to Customer via email, by sending promotional communication including targeted advertisements, or presenting a Customer with relevant offers.
Customer cannot unsubscribe from non-promotional communications, such as maintenance schedules, or similar notifications, but may unsubscribe from promotional communications at any time such as by clicking on an unsubscribe button at the bottom of such communications.
Customer Entity and User Service Interaction Data
Customer Entity and User Service Interaction Data includes data regarding Customers' interactions with Axon Cloud Services and Axon Client Applications. Axon processes Customer Entity and User Service Interaction Data to improve the quality of Axon Products and provide enhanced functionality and features.
Service Operations and Security Data
Axon processes "Service Operations and Security Data" to provide service operations and monitoring for its own purposes of ensuring the security of its services and systems. The processing of "Service Operations and Security Data" is necessary for Axon to monitor the security of its services, detect vulnerabilities, and act promptly on security breaches. Therefore, the processing is necessary to meet Axon's legal obligations, to maintain security standards and to fulfil our contractual commitments to the Customer.
Account Data
Axon uses Account Data to provide Axon Cloud Services, manage Customer's accounts, to market, and communicate with Customer by carrying out the administrative management of your registration and/or updating as a client, and the management and development of the contractual relationship with Customer and to contact Customer to provide information about its account, tenant, subscriptions, billing and updates to Axon Cloud Services, and to market our products or services to Customer via email, by sending promotional communications, including targeted advertisements, or by presenting Customer with relevant offers.
Support Data
Axon uses Support Data to resolve Customer’s support incident, and to operate, improve, and personalize Axon Products, including, without limitation, information about hardware, software, and other details gathered related to the support incident, such as contact or authentication information, chat session personalization, information about the condition of the device and the application when the fault occurred and during diagnostics, system and registry data about software installations and hardware configurations, and error-tracking files. Service Operations and Security Data may be part of the Support Data when required for this purpose.
If Customer shares Customer Content to Axon in a support scenario, or access to or processing of Customer Content is necessary to provide support, the Customer Content will be processed as Support Data and will only be used for resolving support incidents.
Axon may provide support through phone, email, online chat or sessions. Phone conversations, online chat sessions, or online sessions with Axon support professionals may be recorded and/or monitored for efforts such as training, future support, and evidentiary purposes.
Legal Basis for Processing Personal Data
CUSTOMER CONTENT
Axon’s legal basis for the collection and processing of Personal Data within Customer Content is to fulfill obligations to facilitate and process contractual transactions that take place when you interact with Axon Cloud Services.
NON-CONTENT DATA
Axon’s legal basis for the collection and processing of Personal Data within Non-Content Data is the legitimate interest to provide and support the delivery of our Services; investigate and help prevent security threats, fraud, or other malicious activity; enforce & protect the rights and properties of Axon or its affiliates; protect the rights and personal safety of Axon employees and third parties on or using the Services or Axon Products; and for the purposes which may be required by applicable laws and regulations.
Server and Data Location
Customer Content
Axon offers Axon Cloud Services in numerous geographic regions. Before creating an account, Customer determines where Axon will store Customer Content by designating an economic area.
Axon ensures that all Customer Content in Axon Evidence remains within the selected economic area, including, without limitation, all backup data, replication sites, and disaster recovery sites. Customer selected economic areas can be determined through review of Customer's Axon Cloud Services URL. Customer URLs conform to the <youragency>.<regioncode>.evidence.com scheme with the exception of US customers where the scheme may exclude the region code and is <youragency>.evidence.com. US Federal customers conform to the scheme <youragency>.us.evidence.com
Non-Content Data
Customer Entity and User Data
Customer Entity and User Data is located in Customer's selected economic area for Customer Content. Customer Entity and User Data may be copied or transferred to the United States.
Customer Entity and User Service Interaction Data
Customer Entity and User Service Interaction Data is located in Customer's selected economic area for Customer Content and the United States.
Service Operations and Security Data
Service Operations and Security Data is located in Customer's selected economic area for Customer Content and the United States.
Account Data and Support Data
Account and Support Data may be located in the United States and may be located in Customer's selected economic area for Customer Content.
Axon Cloud Services Sub-processors
Axon may rely on Sub-processors to provide or enhance Axon Products on its behalf. Axon only permits Sub-processors to use Customer Content to deliver to the Customer services that Axon offers. Axon prohibits Sub-processors from using Customer Content for any other purpose. Ownership of rights, titles, and interest in and to Customer Content remain with Customer.
Axon exercises commercially reasonable efforts in connection with contractual obligations to ensure its Sub-processors are compliant with all applicable data protection laws and regulations surrounding the Sub-processors access and scope of work in connection with Customer Content. Prior to onboarding Sub-processors, Axon audits the security and privacy practices of Sub-processors to ensure Sub-processors provide a level of security and privacy appropriate to the scope of their services.
Axon maintains an up-to-date list of the names and locations of the required Customer Content sub-processor(s) used to for standard Axon Cloud Services here. Please note, additional Sub-processors may be included depending on additional functionality requested during contracting and implementation. If additional information is needed, please contact Axon at privacy@axon.com.
Axon will give Customer notice of any new Sub-processor. If you are a current Axon Cloud Services customer with a data processing agreement in place with Axon, you may subscribe here to receive notifications of a new Sub-processor(s) before Axon authorizes any new Sub-processor to process Customer Content in connection with the provision of your service.
International Data Transfers
Personal Data within Non-Content Data may be subject to international data transfers outside the European Economic Area (EEA), United Kingdom, and Switzerland, which will be regulated in accordance with the mechanisms set out in the GDPR, UK-GDPR, and the Swiss FADP respectively, to safeguard the rights and freedoms of the data subject and ensure a level of protection equivalent to that required by European, United Kingdom, and Swiss regulations.
Axon complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Axon has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Axon has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.
If there is any conflict between the terms in this Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Axon commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Axon at privacy@axon.com.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Axon commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.
If you are an EU, Swiss or UK Individual, where we transfer your personal data to third party service providers (see above) who perform services for us or on our behalf, we are responsible for the processing of that data by them and shall remain liable if they process your personal data in a manner inconsistent with the DPF Principles referred to below, unless we prove that we are not responsible for the event giving rise to the damage.
Axon is subject to the investigatory and enforcement powers of the United States Federal Trade Commission regarding compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
To the extent the above mechanisms cannot be used to adequately safeguard transfers outside the EEA, United Kingdom, or Switzerland, Axon will put in place alternate safeguards, as appropriate (such as Standard Contractual Clauses (SCCs) and Transfer Impact Assessments (TIA).
Information Sharing
Axon may share data with its subsidiaries, legal entities, third party service providers and other partners to help us operate, including for providers to facilitate: (1) user account management, authentication, analytics, and communication, (2) product features, e.g. product development, and error analytics, (3) customer service and support, and (4) security monitoring and investigation.
Required Disclosures
Axon will not disclose Customer Content or Non-Content Data to Government Authorities except as required by any law or regulation. If permitted, Axon will notify Customer if any disclosure request is received for Customer Content so Customer may challenge or object.
Data Security Measures
Axon is committed to helping protect the security of Customer Data. Axon has established and implemented policies, programs, and procedures that are commercially reasonable and in compliance with applicable industry practices, including administrative, technical, and physical safeguards to protect the confidentiality, integrity and security of Customer Content and Non-Content Data against unauthorized access, use, modification, disclosure, or other misuse.
Axon will take appropriate steps to ensure compliance with the data security measures by its employees, contractors, and Sub-processors, to the extent applicable to the respective scope of performance.
Additional information regarding Axon’s Data Security program can be found by visiting https://trust.axon.com
Confidentiality
Customer Content and Non-Content Data is encrypted in transit over public networks. Customer Content is encrypted at rest in all Axon Cloud Service regions.
Axon protects all Customer Content and Non-Content Data with strong logical access control mechanisms to ensure only users with appropriate business needs have access to data. Third-party specialized security firms periodically validate access control mechanisms. Access control lists are reviewed periodically by Axon.
Integrity
As Evidence is ingested into Axon Cloud Services, a Secure Hash Algorithm (“SHA”) checksum is generated on the upload device and again upon ingestion into Axon Cloud Services. If the SHA checksum does not match, the upload will be reinitiated. Once upload of Evidence is successful, the SHA checksum is retained by Axon Cloud Services and is made viewable by users with access to the Evidence audit trail for the specific piece of Evidence. Tamper-proof audit trails are created automatically by Axon Cloud Services upon ingestion of any Evidence.
Availability
Axon takes a comprehensive approach to ensure the availability of Axon Cloud Services. Axon replicates Customer Content over multiple systems to help to protect against accidental destruction or loss. Axon Cloud Services systems are designed to minimize single points of failure. Axon has designed and regularly plans and tests its business continuity planning and disaster recovery programs.
Isolation
Axon logically isolates Customer Content. Customer Content for an authenticated customer will not be displayed to another customer (unless Customers explicitly create a sharing relationship between their tenants or shared data between themselves). Centralized authentication systems are used across an Axon Cloud Service region to increase uniform data security.
Additional role-based access control is leveraged within Customer’s Axon Cloud Service tenant to define what users can interact with or access Customer Content. Customer solely manages the role-based access control mechanisms within its Axon Cloud Services tenant.
Within the Axon Cloud Services supporting infrastructure, access is granted based on the principle of least privilege. All access must be approved by system owners and undergo at least quarterly user access reviews. Any shared computing or networking resource will undergo extensive hardening and is validated periodically to ensure appropriate isolation of Customer Content.
Non-Content Data is logically isolated within information systems such that only appropriate Axon personnel have access.
Personnel
Axon personnel are required to conduct themselves in a manner consistent with applicable law, the company’s guidelines regarding confidentiality, business ethics, acceptable usage, and professional standards. Axon personnel must complete security training upon hire in addition to annual and role-specific security training.
Axon personnel undergo an extensive background check process to the extent legally permissible and in accordance with applicable local labor laws and statutory regulations. Axon personnel supporting Axon Cloud Services are subject to additional role-specific security clearances or adjudication processes, including Criminal Justice Information Services background screening and national security clearances and vetting.
Data Breach
Notification
If Axon becomes aware of unlawful or unauthorized access to, disclosure, alteration, or destruction of Non-Content or Customer Data, we will notify affected Customers and relevant authorities as necessary.
Data Portability, Migration, and Transfer Back Assistance
Data Portability
Evidence uploaded to Axon Cloud Services is retained in original format. Evidence may be retrieved and downloaded by Customer from Axon Cloud Services to move data to an alternative information system. Evidence audit trails and system reports may also be downloaded in various industry-standard, non-proprietary formats.
Data Migration
In the event Customer’s Axon Cloud Services is terminated, Axon will not delete any Customer Content during the 90 days following termination. During this 90-day period, Customer may retrieve Customer Content only if Customer has paid all amounts due (there will be no application functionality of the Axon Cloud Services during this 90-day period other than the ability for Customer to retrieve Customer Content). Customer will not incur any additional fees if Customer downloads Customer Content from Axon Cloud Services during this 90-day period. Axon has no obligation to maintain or provide any Customer Content after the 90-day period and thereafter, unless legally prohibited, will delete Customer Content upon termination as part of normal retention and data management instructions from customers. Upon written request, Axon will provide written proof that all Customer Content has been successfully deleted and removed from Axon Cloud Services.
Post-Termination Assistance
Axon will provide Customer with the same post-termination data retrieval assistance that is generally made available to all customers. Requests for additional assistance to Customer in downloading or transferring Customer Content will result in additional fees and Axon cannot warrant or guarantee data integrity or readability in the external systems.
Children's online privacy protection
Axon takes seriously its obligations under the Children’s Online Privacy Protection Act. We do not knowingly collect Non-Content Data regarding children under 18.
Data Subject Rights
Non-Content Data
In some jurisdictions you have the rights described below with respect to your Personal Data. You may have the rights described below:
· Access and obtain a copy of your Personal Data on request;
· Require Axon to change incorrect or incomplete Personal Data;
· Require Axon to delete or stop processing your Personal Data, for example where the Personal Data is no longer necessary for the purposes of processing;
· Object to the processing of your Personal Data where Axon is relying on its legitimate interests as the legal ground for processing; and
· Withdraw your consent in circumstances where consent is the legal basis for processing.
If you would like to exercise any of these rights or have any questions, please contact us at
privacy@axon.com. To submit a deletion request, please complete this form.
If you believe that Axon has not complied with your data protection rights, you may have the right to lodge a complaint with a supervisory authority, in particular in the jurisdiction where you work, normally live or where any alleged infringement of data protection laws occurred.
In the EEA: the data protection authority of their place of residence;
In the United Kingdom: the UK Information Commissioner’s Office (“ICO”);
In Switzerland: the Federal Data Protection and Information Commissioner (“FDPIC”).
In the United States, please contact your applicable State Attorney General.
In other locations around the world, their local data protection authority.
If personal data covered by this Privacy Notice is to be used for a new purpose that is materially different from that for which the personal data was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party in a manner not specified in this policy, Axon will provide you with an opportunity to choose whether to have your personal data so used or disclosed. Requests to opt out of such uses or disclosures of Personal Data should be sent to us as specified in the “How to Contact Us” section below.
Certain personal data, such as information about medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, is considered “Sensitive Information.” Axon will not use Sensitive Personal for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual unless Axon has received your affirmative and explicit consent (opt-in).
Customer Content
Customers may process Personal Data regarding an individual when leveraging Axon Cloud Services. In such cases, we are processing such personal data purely on behalf of our Customers and any individuals who seek to exercise their rights should first direct their query to our Customer, the Data Controller.
Axon will work with Customers to provide access to Personal Data that Axon or Sub-processors hold. Axon will also take reasonable steps to enable Customers to correct, amend, or delete Personal Data that is demonstrated to be inaccurate.
Data Retention
Customer Content
Customer defines Evidence retention periods pursuant to Customer’s internal retention policies and procedures. Customer can establish its retention policies within Axon Cloud Services. Therefore, Customer controls the retention and deletion of its Evidence within Axon Cloud Services.
Non-Content Data
Axon maintains internal disaster recovery and data retention policies in accordance with applicable laws and regulations. The disaster recovery plan relates to Axon's data and extends to Axon Cloud Services and Customer Content stored within.
Axon's data retention policies relate to Axon's Non-Content Data. Axon's data retention policies instruct for the secure disposal of Non-Content Data when such data is no longer necessary for the delivery and support of Axon products and services and in accordance with applicable regulations. We will retain Non-Content Data for as long as needed to provide services, comply with our legal obligations, resolve disputes, and enforce our agreements.
Your California Privacy Rights
Pursuant to the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act ("CPRA"), we provide this California Consumer Privacy Act Addendum (the "CCPA Addendum") to California residents ("consumers" or "you" or “your”). This CCPA Addendum supplements the information contained in our Axon Cloud Services Privacy Notice. Any capitalized term used but not defined in this Notice has the meaning given in our Axon Cloud Services Privacy Notice.
This CCPA Addendum does not apply to information we collect about individuals in their capacity as present or former job applicants or employees of Axon or the use of the Axon website. Nor does this amendment cover processing of Customer Content within Axon Cloud Services.
Categories of Personal Information Collected
Sources of Personal Information
We obtain the categories of Personal Information listed above directly from you as well as from the following categories of sources: our corporate affiliates, third-party business partners, and other third-party sources.
Use of Personal Information
We use Personal Information for a variety of business and commercial purposes, as described this Axon Cloud Services Privacy Notice.
Your Consumer Rights under the CCPA
California law grants state residents certain rights, including the rights to know and access specific types of Personal Data, to learn how we process Personal Data, to request deletion of Personal Data, to request correction of Personal Data, to opt-out of sharing your Personal Data for third party advertising purposes, and not to be denied goods or services for exercising these rights.
If you would like to exercise any of these rights please contact us at privacy@axon.com.
Right to Opt-Out of Selling or Sharing
In the preceding 12 months, Axon has not sold or shared (as those terms are defined in the CCPA) any Personal Data.
Authorized Agents
To make a request as an authorized agent on behalf of a California resident, you may use the submission methods noted above. Please provide us with a copy of the consumer’s written authorization designating you as their agent.
Nondiscrimination
We will not unlawfully discriminate against you for exercising your rights under the CCPA.
Additional Information about specific Axon Cloud Services
The following information pertains to specific privacy and data processing activities associated with certain Axon Cloud Services. If you are a user of any of the below products, please read the applicable language carefully.
Community Request
Community Request services may facilitate the transmission of information and content voluntarily submitted including certain metadata associated therewith, (collectively, “Submissions”) by an individual completing questionnaires, while using Community Request (“Survey Participant”), to our Customer that uses the Community Request service. Our Customer which requests Submissions through Community Request receives those Submissions - once transmitted, the Submissions remain in the possession of the requesting Customer and Axon does not own or control any copies. The Customer is thus the Data Controller of Submissions data. The Customer to which a Survey Participants transmits the Submission will own and control such Submission, and the privacy practices of Axon’s Customer will apply.
Additionally, Community Request automatically collects certain details about a Survey Participant usage of Community Request and their device. Axon may automatically collect certain details of your access to and use of Community Request, including traffic data, location data, logs, and other communication data and the resources that you access and use on or through Community Request. We may collect information about your mobile device and internet connection, including the operating system, IP address, browser type, and mobile network information.
My90
My90 services may facilitate the transmission of information and content voluntarily submitted including certain metadata associated therewith, (collectively, “Submissions”) by an individual completing questionnaires, while using My90 (“Survey Participant”), to our Customer that uses the My90 service. Survey Participants should not submit Personal Data as part of a Submission. If Personal Data is submitted, Axon will remove or de-identify the Submission.
Axon will analyze and aggregate Submissions to evaluate Customer interactions with respondents or to obtain insight. For example, this is done to understand the effectiveness of existing emergency response processes or to understand sentiment towards My90 Customers. This information can help Axon, and its Customers obtain insights and comparison on community trends and accordingly implement or recommend implementation of measures to improve policing.
Axon may also share aggregated Submissions publicly or privately through various mediums. We share this information to provide insights and comparisons on general policing and community trends. Prior to sharing this information, Axon will ensure that the Submission has been aggregated and de-identified so it can no longer be linked directly to a respondent.
Outside of the usage of Submissions, My90 automatically collects certain details about a Survey Participant usage of My90 and their device. Axon may automatically collect certain details of your access to and use of My90, including traffic data, location data, logs, and other communication data and the resources that you access and use on or through My90. We may collect information about your mobile device and internet connection, including the operating system, IP address, browser type, and mobile network information.
Axon Fusus
We process Customer Content on behalf of and as a Data Processor, and to the extent necessary to provide Services to our Customers. To provide our Customers with our Services, we may process and store Customer Content that is captured and recorded when our Customers and their users operate our Products and other Services, such as video or audio recordings, live video or audio streams, images, comments, and data our products collect from their surrounding environment to perform their functions (such as motion, events, temperature and ambient light). The Customer is thus the Data Controller of Customer Content collected by Fusus and the privacy practices of Axon’s Customer will apply.
Axon Fusus Terms of Use prohibits the use of cameras set by our Customers with our Platform or other Services in locations where a person has a reasonable expectation of privacy. We require our Customers to conduct any video monitoring through our Services in compliance with applicable laws, regulations and policies, including non-discrimination, sexual harassment, among others. Therefore, monitoring in the bathrooms, locker rooms, or other areas where individuals have a reasonable expectation of privacy is prohibited;
Axon Fusus Terms of Use also specifies that the camera positions and views are limited to open, common and public areas, unless otherwise permitted by a court order authorized by a court of competent jurisdiction relating to an investigation by a law enforcement agency.
Additionally, Axon Fusus may automatically collect certain details about users of Axon Fusus Products or Services. Axon may automatically collect certain details of your access to and use of Axon Fusus Products or Services, including traffic data, location data, logs, and other communication data and the resources that you access and use on or through Axon Fusus Products or Services.
How to Contact Us
If you have any questions or concerns regarding Axon's privacy practices or the content of this Notice, please contact privacy@axon.com.