Last updated: October 2024
SmartMDU Service Activation and Payments Portal Privacy Policy
We respect your privacy, and as such, we strive to collect the minimal amount of information necessary to operate our services. By accessing our website or utilizing our services, you agree that your information will be collected and handled as described in this policy. If you are not
our direct customer, the broadband service provider, landlord, property manager or similar entity responsible for delivering access to wired and wireless high-speed internet services to you ("MDU Service Provider”) may have additional or different privacy terms applicable to your use
of our services, including the Service Activation and Payments Portal (“Portal”).
This Privacy Policy does not apply to information collected when you use any Portal features that are provided by third parties like the hosted payments pages or inline frames that allow you to make payments to your MDU Service Provider (“Third-Party Services”). Calix lets you know you are using Third-Party Services by identifying the provider in the Portal and by delineating their features using a border or similar visual marker. The provider also includes a link in the Portal where you can view the terms that apply to your use of the Third-Party Services. You should review these terms and the privacy policies of the Third-Party Services to determine how your data will be used before sharing it with them.
Background
The Portal is a Web application that enables users who are residents of a multi-dwelling unit property to activate Internet access and Wi-Fi service in their living unit (“Services”) and make payments to the MDU Service Provider. The MDU Service Provider determines which residents
can access the Portal as users and has engaged Calix to host the Portal on its behalf.
Portal Features
The Portal allows the MDU Service Provider to provide MDU tenants the following:
- Setup Portal and CommandIQ mobile app accounts
- Activate Services
- Make and manage payments for Services
Information We Collect
The Portal collects the following types of personal information when you sign-up for it and use it:
Tenant Personal Information:
• Name
• Email address
• Phone number
• Services purchased
• Credit Card Information
Please note, Credit Card Information is not collected directly or stored by Calix. When you enter your Credit Card Information to pay for Services in the Portal, this information is directly collected and stored through a hosted payments page or inline frame belonging to a third-party
payment Processor, Paymentus. Accordingly, data collected and stored by Paymentus is governed by Paymentus’ Privacy Policy located at https://www.paymentus.com/.
Categories of Data
Below is a summary of the categories of personal information that we have collected in the course of providing our Services in the last 12 months.
| Category | Examples | Collected | Business Purpose |
| A. Identifier | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. | Yes | Onboard tenant and provide Wi-Fi connectivity services |
| B. Personal Information categories listed in the California Records statue | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license, or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. | Yes | Onboard tenant and provide Wi-Fi connectivity services |
| C. Protected classification characteristics under California or federal law | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | No | Not collected |
| D. Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Yes | Onboard tenant and provide Wi-Fi connectivity services |
| E. Biometric information | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | No | Not collected |
| F. Internet or similar network activity | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | Yes | Product Improvement |
| G. Geolocation data | Physical location or movements | No | Not collected |
| H. Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information | No | Not collected |
| I. Professional or employment- related information | Current or past job history or performance evaluations. | No | Not collected |
| J. Non-public education information | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary codes. | No | Not collected |
| K. Inferences drawn from other personal information | Profile a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | No | Not Collected |
| Sensitive Personal Information Category | Examples | Collected | Business Purpose |
| A. Government identifiers | Social security, driver’s license, state identification card, or passport number. | No | Not collected |
| B. Complete account access credentials | Usernames, account numbers, or card numbers combined with required access/security code or password. | No | Not collected |
| C. Precise geolocation | Your geolocation is within a radius of 1,850 feet. | No | Not collected |
| D. Racial or ethnic origin | Information regarding your race or ethnicity. | No | Not collected |
| E. Religious or philosophical beliefs | Information regarding your religious or philosophical beliefs or practices. | No | Not collected |
| F. Union membership | Whether or not you are a union membership. | No | Not collected |
| G. Genetic data | Data pertaining to your DNA or genes. | No | Not collected |
| H. Mail, email, or text message contents not directed to us | Contents of any message that is not sent to Calix. | No | Not collected |
| I. Unique identifying biometric information | Imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information. | No | Not collected |
| J. Health, sex, life, or sexual orientation information | Information pertaining to your health, fitness, sexual orientation or identity or expression | No | Not collected |
The information we collect is covered by this Privacy Policy, and the information collected by third parties is subject to that site’s or platform’s privacy policies.
How we use the Information
On behalf of the MDU Service Provider, we use the information collected through the Portal to:
- Set up Portal and Command IQ mobile app accounts
- Activate Internet access and Wi-Fi service in living units
- Enable users to make and manage payments through third parties
Disclosure of Information
We will not sell or rent your personal information to other companies. Except in the situations described below, we will not disclose your Personal Information to outside parties.
- To third party service providers for processing or fulfilling orders.
- For legal compliance. Like all companies, we may need to comply with orders and similar legal requests for information from courts, law enforcement authorities, and government agencies.
- Change of control event. We reserve the right to transfer personal information to a new entity or third party as part of a change of control event like a merger, acquisition, reorganization, sale of some or all our assets, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including, without limitation, in connection with any bankruptcy or similar proceedings).
In connection with the essential purposes described above, in the preceding twelve (12) months, Calix has not sold personal information.
Children Under the Age of 16
The App is not intended for children under 16 years of age, and on behalf of its BSPs, Calix does not knowingly collect personal data of children under 16, without parental consent. If Calix learns that personal data from a child under 16 has been obtained or received without verification of parental consent, Calix will delete that information. If you believe Calix might have any information from or about a child under 16, please notify Calix by completing a Request Form (clicking the link will take you to TrustArc, whom Calix has engaged to assist with personal information requests).
Data Security
All information you provide to us is stored on our secure servers behind firewalls. Calix utilizes mechanisms such as intrusion detection systems, intrusion prevention systems, firewalls and encryption to secure information from accidental loss and from unauthorized access, use, alteration, and disclosure.
Calix deploys Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to alert and proactively contain potential threats. Enhanced security visibility and coverage is enabled through added layers of firewall and IDS beyond the network perimeter. Management connections to servers are always authenticated and encrypted via Secure Shell (SSH) when administration access is required for troubleshooting, patch management, and upgrades.
Calix runs automated vulnerability scanning on all perimeter systems to identify potential security risks. Scanning applications are regularly updated to remain current and up to date on important security vulnerabilities. Patches are applied to all relevant systems unless a compensating control is implemented.
Calix uses a variety of industry-standard security technologies and best practices to help protect information from unauthorized access, use, or disclosure. All data stored on the Calix systems is encrypted following industry standards using the strongest keys and ciphers. All communications with the App are protected with industry standard security protocols. You control access to your account. You must keep your login credentials and passwords secure and protected and maintained as confidential. Calix is not responsible for any circumvention of any privacy settings or security measures provided.
Data Storage and Retention
Your Personal Information is stored by Calix on its servers, and on the servers of the cloud-based infrastructure services Calix engages, which may be in the United States. Calix retains data for the duration of the business relationship between Calix and the Calix Customer.
Your Choices About Our Collection, Use, and Disclosure of Information
Depending on your jurisdiction and the type of data collected, you may have the following rights with respect to your personal information depending on the applicable state consumer privacy laws.
a. Notice.
b. Access.
c. Correction.
d. Deletion.
e. Opt-out of sale or sharing of personal information.
f. Limit use of sensitive personal information.
g. Portability.
h. Opt-out of automated decision-making and profiling.
i. Appeal.
j. Non-discrimination.
You can exercise your rights by clicking the Request Form link in the “Contacting Us” section below.
Other California Privacy Rights
The State of California also grants California residents privacy rights unrelated to the California Consumer Privacy Act of 2018 (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”). Those rights include the California “Shine the Light Law” (Civil Code Section § 1798.83), which permits California residents to request certain information regarding our disclosures of personal information to third parties for their direct marketing purposes. Calix does not disclose personal information to third parties for their direct marketing purposes.
Changes to this Privacy Policy
The date the Privacy Policy was last revised is identified at the end of this Privacy Policy. You are responsible for periodically visiting this Privacy Policy to check for any changes.
Contact Information
For questions about your service, please contact your BSP directly. To ask questions or comment about this Privacy Policy and Calix’s privacy practices for the Cloud Services provided to your BSP, contact your BSP or complete this Request Form (clicking the link will take you to TrustArc, whom Calix has engaged to assist with personal information requests).