Effective June 2024
Mobix Labs, Inc. and its subsidiaries (collectively, “Mobix Labs”) value your privacy. This Privacy Notice (“Notice”) describes how Mobix Labs collects, stores, uses, and discloses your Personal Data. “Personal Data” means any information relating to an identified or identifiable individual. In this Notice, “Mobix Labs” refers to the relevant Mobix Labs company(ies) processing your Personal Data.
This Notice governs Mobix Labs’s collection and processing of your Personal Data in the context of your interactions with Mobix Labs, including where you visit Mobix Labs’s website (“Site”), receive marketing communications, do business with Mobix Labs on behalf of your organization, or are a user of a Mobix Labs services procured by your organization. Mobix Labs collects and processes Personal Data related to your use of such services. This Notice does not apply where your Personal Data is submitted to Mobix Labs’s services for processing by Mobix Labs on behalf of your organization. In that context, Mobix Labs will process your Personal Data pursuant to the terms of the data processing agreement in place between your organization and Mobix Labs. This Notice does not govern Mobix Labs’s collection and processing of Personal Data in the context of employment or candidacy for employment.
What Information Does Mobix Labs Collect About You and Why?
Mobix Labs may ask you to provide Mobix Labs with Personal Data about yourself in order to provide services to you. If you choose not to provide Personal Data that Mobix Labs has asked for, it may delay or prevent Mobix Labs from providing services to you. Mobix Labs may collect the following categories of Personal Data about you:
Personal Data may be required to determine access eligibility for certain restricted parts of Mobix Labs’s Site or services. Personal Data about you collected online may be combined with information provided offline or collected from trusted third-party sources.
Information Mobix Labs Collects Directly From You.
Mobix Labs collects Personal Data about you when you visit Mobix Labs’s Site, register or subscribe for Mobix Labs’s services, order Mobix Labs’s products or services, create an account on Mobix Labs’s Site, request marketing or publications to be sent to you, give Mobix Labs feedback on Mobix Labs’s products, services or Site, sign up for an event or webinar, have phone calls with sales representatives, or when you contact customer support.
Information Mobix Labs Collects From a Third Party.
Mobix Labs also may collect Personal Data about you from third party sources, such as someone authorized by you to act on your behalf, third-party services that you use that utilize or interact with Mobix Labs’s services, or where your Personal Data is provided to us by an event partner. Mobix Labs may also collect your Personal Data from other sources as and when permitted by applicable laws, such as public databases, joint marketing partners, and social media platforms.
Information Mobix Labs Collects Automatically, including via Cookies and Similar Tracking Technologies.
Mobix Labs may automatically collect information about your use of Mobix Labs’s Site, or services through cookies, web beacons, and other technologies. Mobix Labs may combine this information with other information that Mobix Labs has collected about you such as your username. Please see Mobix Labs’s .
In connection with providing the services, Mobix Labs may collect, modify and analyze metadata and/or operations data, such as system log files, configuration, performance, usage data and transaction counts, from Mobix Labs’s software or systems hosting the service, and from your organization’s systems, applications, and devices that are used with the service which relate to system utilization and performance statistics.
How Does Mobix Labs Use Your Information?
Mobix Labs uses the information collected about you as appropriate and relevant for the following commercial purposes:
Such information may include among others, your name, location and business contact information, information related to the services you are using, preferences you have selected while visiting the Site, message content and network identifiers related to contacting Mobix Labs or using the Site.
Mobix Labs uses the information collected about you as appropriate and relevant for the following business purposes:
Such information may include among others, your name, location and business contact information, information related to the products you are using, preferences you have selected while visiting Mobix Labs’s website, messages content and network identifiers related to you contacting Mobix Labs or using Mobix Labs’s websites.
De-Identified Data.
Mobix Labs will not attempt to re-identify de-identified data unless it is reasonably necessary for security or fraud prevention purposes.
Sensitive Personal Data.
Mobix Labs will only process any special categories of Personal Data (“Sensitive Personal Data”) relating to you for specific purposes outlined above or in relevant supplemental notices, because either: 1. You have given Mobix Labs your explicit consent to process that information; or 2. The processing is necessary to carry out Mobix Labs’s obligations under applicable law; 3. The processing is necessary for the establishment, exercise or defense of legal claims; or 4. You have made the information public.
Biometric data
Mobix Labs does not collect, capture, possess, receive, or process any biometric data such as retina or iris scans, fingerprints, voiceprints, or scans of hand or face geometry, and Mobix Labs expressly prohibits Mobix Labs’s customers from providing any such data to Mobix Labs without relevant authorization, if applicable.
Mobix Labs does provide certain multifactor authentication services to its customers, whereby a key pair with a public and a private key is created. The private key will remain on the device used by the end user and the public key will be sent to Mobix Labs. If a customer chooses to enable end user biometrics for authentication purposes, such biometric data will only be stored locally on the end user’s device, for use by the end user to access the private key created and retained on the end user’s device. Mobix Labs does not collect or have access to data that would be considered “biometric” and the public key does not derive or contain any biometric data. Mobix Labs only uses the public key to verify customers’ end user’s access privileges. End users may remove the public key through the product’s self-service console, or it will be deleted once the Customer’s contract with Mobix Labs is terminated.
Legal Basis of Processing
In order to collect, use and otherwise process your Personal Data for the above listed commercial and business purposes, Mobix Labs may rely on the following legal bases as appropriate and relevant in the specific context:
Legal Basis of Processing Of Personal Data For The Purposes Of Fraud Prevention And Network and Information Security as part of Mobix Labs’s Services
Mobix Labs processes Personal Data for fraud prevention and network and information security purposes when providing Services. Pursuant to applicable privacy legislation, organizations have a recognized legitimate interest in collecting and processing Personal Data to the extent necessary and proportionate for preventing fraud and ensuring network and information security. Network and information security means the ability of a network or of an information system to resist events, attacks or unlawful or malicious actions that could compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted data, or the security of the related services offered by, or accessible via those networks and systems.
As a provider of payment security services and cybersecurity technologies and services, it is in Mobix Labs’s legitimate interests to collect and process Personal Data to the extent necessary and proportionate for the purposes of preventing fraudulent payment transactions, or “fraud” and ensuring the security of Mobix Labs’s customers’ payment transactions and information networks and systems. This includes the development of payment transaction records and of threat intelligence resources aimed at maintaining and improving on an ongoing basis Mobix Labs’s ability to detect fraud and the ability of networks and systems to resist unlawful or malicious actions and other harmful events affecting information networks and systems, or “cybersecurity threats.”
The Personal Data Mobix Labs processes for the prevention of fraud includes, but is not limited to:
The Personal Data Mobix Labs processes for network and information security purposes include, without limitation, network traffic data related to cybersecurity threats such as:
Depending on the context in which such data is collected, it may contain Personal Data concerning you or any other data subjects. In such cases Mobix Labs will process the Personal Data concerned only to the extent necessary and proportionate to the purposes of detecting, blocking, reporting, and mitigating the fraud or cybersecurity threat of concern to you, and to all organizations relying on Mobix Labs’s products and services to secure their payment transactions and information networks and systems. When processing Personal Data in this context, Mobix Labs will only seek to identify data subjects:
If you believe that your Personal Data was unduly collected or is unduly processed by Mobix Labs for such purposes, please refer to the “Your Rights” and “Contact Mobix Labs” sections below. Please be aware that if it is determined that Personal Data concerning you is processed by Mobix Labs because it is critical for the prevention of, or the detection, blocking or mitigation of cybersecurity threats, then in certain cases the legitimate interest to pursue such processing may be compelling enough to override access, objection, rectification or erasure requests related to the data concerned
Automated Individual Decision-Making And Profiling
Where Mobix Labs processes payment transaction security or network traffic data for the purpose of fraud prevention or network and information security, automated decisions concerning particular payment transactions or cyber events may be made. This could involve in particular assigning relative payment fraud risk, respectively cybersecurity risk scores to ongoing or recent payment transactions, information network activities or system behaviors. Such automatically assigned risk scores may be leveraged by you, by Mobix Labs, by Mobix Labs’s partners and by other customers to detect, block and mitigate the detected fraud or cybersecurity threat. They could therefore result in said partners and customers blocking payment transactions they deem to be fraudulent, halting network traffic coming from or going to suspected or known malicious addresses. Such processing is not intended to produce any other effect than protecting you, Mobix Labs, Mobix Labs’s partners and Mobix Labs’s other customers from fraudulent payment transactions, respectively cybersecurity threats. Should you consider that such automated processing is unduly affecting you in a significant way, please contact directly the relevant data controller whose use of Mobix Labs’s services is impacting you. In case that data controller is Mobix Labs, please refer to the “Your Privacy Rights” and “Contact Mobix Labs” sections of this Notice to raise your concerns and to seek Mobix Labs’s help in finding a satisfactory solution.
Processing Of Pseudonymous Data To Improve the Performance of Mobix Labs Hardware
Certain mobile devices equipped with a Mobix Labs GPS chip occasionally require querying Mobix Labs’s geolocation assistance server. At the user’s request when launching a geolocation service on their device, the chip will transmit to Mobix Labs over TCP/IP the device’s then current broad city level location. In response, the server will designate to the chip the then-relevant satellites to connect to. This service reduces the time needed for the chip to achieve accurate GPS location from about 15 minutes to less than 1 minute. Mobix Labs does not manually access, inspect, disclose, retain, correlate, or reuse any of the data associated with this service. The logs related to this service only contain the dynamic IP address from which the device connected to the service, and these logs are purged on a rolling 24-hour basis. Mobix Labs is not in a position to identify any individual end-user based on the information involved in this service.
To Whom Does Mobix Labs Disclose Your Information And Why?
Mobix Labs may disclose Personal Data collected about you as follows:
Site Visitors.
Your username and any information that you post to Mobix Labs’s Site, including, without limitation, reviews, comments, pictures, and text will be available to, and searchable by, all users of the Site.
Affiliates or Subsidiaries.
Data Mobix Labs collects about you may be disclosed to Mobix Labs’s affiliates or subsidiaries.
Unaffiliated Third Parties.
Certain data about you may be disclosed to select resellers and/or distributors, particularly if you or your company have purchased through a third party before.
Service Providers.
Data Mobix Labs collects information about you that may be disclosed to third party vendors, service providers, contractors or agents who perform functions on Mobix Labs’s behalf.
Personal data collected through and for the purposes of user-requested alerts and service notifications, including but not limited to short code text messages in the U.S. and Canada, will not be disclosed, shared, sold, or rented to any affiliated or unaffiliated third parties for marketing purposes.
Business Transfers. Personal
Data Mobix Labs has collected information about whether you may be transferred to another company as part of a merger, acquisition, or divestiture by or of that company.
Consent.
Mobix Labs may disclose your personal information to other recipients for any purpose with your consent.
Legal Obligations and Rights.
Mobix Labs may disclose your Personal Data to any legally entitled recipients: (i) in connection with the establishment, exercise or defense of legal claims; (ii) to comply with laws or to respond to lawful requests or legal process; (iii) for fraud or security monitoring purposes (e.g., to detect and prevent cyberattacks); (iv) to protect the rights of Mobix Labs or its employees; or (v) as otherwise permitted by applicable law.
If Mobix Labs discloses your Personal Data, to the extent reasonably practicable and permissible, Mobix Labs will require its recipients to comply with adequate privacy and confidentiality requirements, and security standards.
When you visit a Mobix Labs Site, cookies, if any, will be used in accordance with Mobix Labs’s Cookie Notice, and in line with your cookie choices made in the cookie management tool. Mobix Labs does not sell your Personal Data for money, however use of some cookies may constitute “selling” or “sharing” Personal Data under the California Privacy Rights Act. If you do not wish Mobix Labs to “sell” or “share” your data in the meaning of the California Privacy Rights Act, you may use the Do Not Sell or Share button available in the website’s cookie management tool at any time to turn off cookies. If Mobix Labs recognizes the Global Privacy Control (GPC) signal or Do Not Track signal from your browser, Mobix Labs will disable non-essential cookies. See Mobix Labs’s Cookie Notice for more information.
What About Links To Other Websites?
Mobix Labs’s Site and services may contain links to third party websites for your convenience. Any access to and use of such linked websites will cause you to leave the Site. Third party websites, even if potentially serving content co-branded by Mobix Labs, are not governed by this Notice, but instead are governed by their own privacy notices. Mobix Labs recommends that you check the privacy notices of every third-party website you visit before providing any Personal Data. Mobix Labs does not control those third-party websites and are not responsible for their content or their privacy practices. Thus, Mobix Labs does not endorse or make any legal representations about them. If you decide to access any of the third party websites linked from Mobix Labs’s Site, you do so entirely at your own risk.
How Does Mobix Labs Secure Your Personal Data?
Mobix Labs has implemented administrative, technical, physical, electronic, and managerial procedures to safeguard and secure the information Mobix Labs collects from loss, misuse, unauthorized access, disclosure, alteration, and destruction and to help maintain data accuracy and ensure that your Personal Data is used appropriately. Mobix Labs has a global Privacy Program. Its charter is to ensure appropriate privacy processes are in place in order to meet the practices outlined herein. Where Personal Data is processed by service providers on behalf of Mobix Labs, Mobix Labs has implemented a comprehensive process requiring those service providers to also comply with applicable data protection laws.
How Long Does Mobix Labs Retain Your Personal Data?
Mobix Labs will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Notice and/or in applicable supplemental notices, unless a longer retention period is required by law.
Your Rights
Depending on your country or state of residence you may have some or all of the rights described below with respect to your Personal Data.
It is Mobix Labs’s legal obligation to validate any request Mobix Labs receives before responding.
Email and Marketing.
In most instances, Mobix Labs gives you options with regard to the Personal Data you provide, including choices with respect to marketing materials. You may manage your receipt of marketing and non-transactional communications by: (i) clicking on the “unsubscribe” link in marketing emails; or (ii) checking certain boxes on Mobix Labs’s preference center which can also be found on certain forms Mobix Labs uses to collect Personal Data.
Access.
You may request information regarding Personal Data which Mobix Labs collects and holds about you and the source(s) of that information. To access your Personal Data, return to the product, service, or web page where you originally entered it and follow the instructions in your user interface or on that web page.
Please note that copies of information that you have updated, modified, or deleted may remain viewable in cached and archived pages particularly of the Site for a limited period of time. If you request a change to or deletion of your Personal Data, Mobix Labs may still need to retain certain information for record-keeping purposes, and/or to complete any transactions that you began prior to requesting such change or deletion (e.g., when you make a purchase, you may not be able to change or delete the Personal Data provided until after the completion of such purchase). Some of your information may also remain within Mobix Labs’s systems and other records where necessary for compliance with applicable law.
You can request a copy of any Personal Data Mobix Labs holds about you, and of which you don’t already have a copy. This service is usually free of charge, although Mobix Labs has the right to charge a ‘reasonable fee’ in some circumstances;
Rectification.
You have the right to request that Mobix Labs rectifies any inaccuracies in relation to the Personal Data Mobix Labs holds about you;
Erasure.
In some circumstances, you have the right to request the erasure of your Personal Data or object to the further processing of your information;
Restriction of Processing.
In some circumstances, you have the right to require Mobix Labs to restrict processing of your Personal Data;
Objection.
You have the right to object to any direct marketing or to other processing of your Personal Data based on Mobix Labs’s or on third parties’ legitimate interests, unless such interests are compelling enough to override your objection;
Not to be discriminated against for exercising any of your other privacy rights.
You may exercise any of your rights in this section without Mobix Labs discriminating against you in any way. Note however that you may be subject to differentiated treatment if and to the extent that the exercise of your rights materially impacts Mobix Labs’s ability to provide certain services to you (e.g. if you request the deletion of your account information or access credentials, Mobix Labs may no longer be able to grant you access to restricted areas of Mobix Labs’s websites). Such differentiated treatment is objectively justified and does not constitute discrimination.
Withdraw Consent.
Where Mobix Labs relies on your consent, you may have the right to withdraw consent to Mobix Labs processing your Personal Data. This will not affect the processing already carried out with your consent;
Not to be subject to decisions based on automated processing.
In some circumstances, you have the right not to be subject to decisions based solely on automated processing, and to obtain the human review of any such decisions that significantly affect you (please refer to the earlier section on automated decision making); and
Complaint.
If you have a complaint, Mobix Labs would appreciate the chance to address your concerns. Please contact Mobix Labs using the options provided under “Contact Mobix Labs.” You may also lodge a complaint with the supervisory data protection authority in the state where you live, work or where an alleged infringement of applicable data protection law occurred.
Competent Supervisory Authorities.
Mobix Labs is a business that operates various activities across a number of jurisdictions. Mobix Labs has identified the Data Protection Commission (“DPC”) in Ireland as its Lead Supervisory Authority in relation to compliance with the EU General Data Protection Regulation (GDPR).
How Are Cross-Border Transfers of Data Performed?
Subject to your permission or as permitted by law, the Personal Data that you provide to Mobix Labs may be transferred within Mobix Labs across state or country borders. This may be done to consolidate data storage or to simplify the management of customer information. Mobix Labs has adopted globally recognized privacy principles and safeguards and only collects and/or transmits your Personal Data to the extent it is reasonably necessary to conduct business and perform requested services. Mobix Labs and its service providers comply with applicable legal requirements providing adequate safeguards protection of Personal Data transferred to countries outside of the country of collection or residence.
In certain cases, where Personal Data is transferred to countries that do not offer an adequate level of Personal Data protection according to the country of collection or residence, such transfers are covered by alternate appropriate technical, organizational and contractual safeguards, specifically the Standard Contractual Clauses (issued by the European Commission or the UK’s Information Commissioner’s Office). If applicable to you, you may obtain copies of such safeguards by contacting Mobix Labs. Where local legislation requires your consent to perform international data transfers, the Company will obtain your consent prior to the transfer.
You may also refer a complaint to your local data protection authority, and Mobix Labs will collaborate with them to try to resolve your concern.
In case you do not receive timely acknowledgment of your complaint Mobix Labs is subject to the investigatory and enforcement powers of the FTC and has the requirement to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
What Choices Do You Have Regarding Mobix Labs’s Use Of Your Personal Data?
Mobix Labs will not use or disclose your Personal Data in ways unrelated to the ones described above without first notifying you and offering a choice, unless Mobix Labs reasonably considers that Mobix Labs needs to use it for another reason and that reason is compatible with the original purpose. Please note that Mobix Labs may process your Personal Data without your knowledge or consent where it is required, or to the extent it is permitted by law.
Mobix Labs will provide you the opportunity to opt out of certain Mobix Labs communications. If you have any difficulty exercising your choices, please contact Mobix Labs at [email protected].
How Can You Contact Mobix Labs?
Mobix Labs’ legal department is responsible for privacy and data protection. If you have questions or concerns about this Notice, or the privacy practices relating to Mobix Labs’s Site or services, please contact Mobix Labs using the details below:
Company name: Mobix Labs Inc.
Email address: [email protected]
Postal address: 15420 Laguna Canyon Road, Suite 100, Irvine, CA 92618
What About Children?
Mobix Labs does not knowingly collect Personal Data relating to children. If you believe that Mobix Labs may have collected Personal Data from someone under the age of thirteen (13), or under the applicable age of consent in your country, without parental consent, please let Mobix Labs know using the methods described in the Contact Mobix Labs section and Mobix Labs will take appropriate measures to investigate and address the issue promptly.
What About California “Shine the Light” Privacy Rights?
California law, under California Civil Code Section 1798.83 (known as the “Shine the Light” law), permits Mobix Labs’s established customers who are California residents to request information regarding the manner in which Mobix Labs discloses certain categories of your Personal Data to third parties, for the third parties’ direct marketing purposes. California law provides that you have the right to submit a request to Mobix Labs at its designated address and receive the following information:
You are entitled to receive a copy of this information up to one time per calendar year in a standardized format and the information will not be specific to you individually. Mobix Labs’s designated email address for such requests is the one indicated in the contact details above. Mobix Labs reserves the right to not respond to requests submitted to addresses other than the addresses specified in this paragraph. In your request, please attest to the fact that you are a California resident. Mobix Labs reserves the right to require proof of residency. Please allow up to thirty (30) days for a response.
What About Changes To This Privacy Notice?
Mobix Labs may change this Notice from time to time, so please be sure to check back periodically. Mobix Labs will post any changes to this Notice on Mobix Labs’s Site. If Mobix Labs makes any changes to this Notice that materially affect Mobix Labs’s practices with regard to the Personal Data Mobix Labs has previously collected from you, Mobix Labs will endeavor to provide you with notice in advance of such change by highlighting the change on Mobix Labs’s Site, or by sending you an email message to the email address you have provided.
Compliance with China’s Privacy Information Protection Law (PIPL)
In addition to the provisions of this Notice, where PIPL is applicable and requires a separate consent for the processing and transfer of personal data, Mobix Labs will notify you separately and provide you with the details of the overseas recipient, the type of data disclosed and the purposes.
In the case of customers, partners, and other contacts, to the extent that PIPL is applicable, overseas recipients may include the organizations listed in the third-party list or other ICT service providers functioning as Mobix Labs’s data processors. Where Personal Data is transferred to countries that, according to Chinese authorities, do not offer an adequate level of Personal Data protection in relation to PIPL, such transfers are covered by the Chinese Standard Contractual Clauses.
Under PIPL, in addition to the rights listed above, you may also have the rights to:
Explanation.
You have the right to require Mobix Labs to further explain the rules of processing your Personal Data to the extent that they are unclear or not addressed in this Privacy Notice.
Transfer
You have the right to transfer the Personal Data Mobix Labs holds about you to another personal information processor as long as it is compliant under PIPL.