Equinix Inc. and its affiliated companies (“Equinix”, “we”, “us”, or “our”) respect your privacy, and recognize the need to appropriately protect and manage Personal Data.
This Privacy Statement (“Statement”) explains how we collect, process, use, share, and safeguard Personal Data, including:
and your choices regarding such Personal Data.
This Statement does not deal with data that our customers bear responsibility for or control the processing of (please see our Shared Responsibility Model for further details), using services that we provide, including on or through customer owned or customer controlled equipment co-located at our IBX Data Centers. We do not access or process this information in any manner. This Statement also does not apply to any products, services, websites, or content that are offered by third parties which have their own privacy policies detailing how such third parties collect, use, disclose or otherwise process your Personal Data.
If you have any questions, comments, or grievances, please contact us through the relevant contact given in the “How to Contact Us or Submit a Request” section at the end of this Statement.
Equinix, as the World’s digital infrastructure company® operates in over 35 (thirty-five) countries worldwide. This Statement and, where applicable, jurisdiction specific privacy statements must be read in conjunction with (a) the terms of your contract with us; and (b) the legal requirements under local laws which apply to our processing of the Personal Data or data processed by us in the course of providing services to our customers (“Applicable Laws”), and we will always comply with such Applicable Laws.
Personal Data is information that enables us to identify any natural person (including you) or relates to an identified or identifiable natural person (also known as a “Data Subject”). This may include a Data Subject’s name, identification number, location, or an online identifier. In certain jurisdictions, data protection and privacy laws may also apply to certain information relating to legal persons (“Personal Data”).
We may collect Personal Data from you, or about you, from a variety of sources. Some examples include:
| Who | Where | What |
|---|---|---|
| Visitors | At our office locations | Full name, business association, email address, identity information and CCTV footage |
| Visitors | At our IBX Data Centers | First and last name, business association, job title or position, telephone number, email address, photo, and certain biometric information, such as a hand scan or other technology (“Biometrics”) |
| Visitors | At events we conduct or participate in | Full name, business association and email address |
| Visitors | Through our website and our advertisements or other material on third party websites | Unique device identification information, regional and language settings, performance data about our website and online services, network provider, and IP address and associated location information Information collected from third parties (such as Google Analytics and Google Adwords, Demandbase, Salesforce Marketing Cloud Account Engagement, and Techtarget) |
Current or prospective customers (including employees or agents thereof) |
Through business related interactions with us, including over email, telephone, messaging services, or our online customer portals, such as the Equinix Customer Portal, the Equinix Marketplace Portal, and the Equinix Fabric Portal. |
Full name, business association, email address, telephone number, title/position, location information and payment related information Unique device identification information, regional and language settings, performance data about our website and online services, network provider, and IP address and associated location information. Information collected from third parties (such as Google Analytics and Google Adwords, Demandbase, Salesforce Marketing Cloud Account Engagement, and Techtarget) |
| Current or prospective employees and consultants | At our office locations, IBX Data Centers, other premises, events | Name, address, employment history, educational qualifications, health status, credit history, Biometrics, payroll information, performance and compensation information, and attendance information |
| Everyone | Through social media handles | Name associated with the account, the account handle, recent activity, the content of any posts in which we are tagged, and other information contained in your social media profiles Information collected from third parties (such as Google Analytics and Google Adwords, Demandbase, Salesforce Marketing Cloud Account Engagement, and Techtarget) |
You have certain rights regarding the Personal Data we collect. For instance, when you are asked to provide your Personal Data, you may decline to do so, but if you choose not to provide your Personal Data that is necessary for us to provide or enable any service or functionality, you may not be able to use them.
In addition to the types of Personal Data outlined above, you may also voluntarily provide other types of Personal Data to us (for instance, feedback). This is completely optional, and we will only use this Personal Data in connection with the purpose for which it was collected, or to improve our products and services.
Moreover, to the extent that Personal Data you share with us is not your own (i.e., for example, you are a representative of an Equinix customer, or are sharing Personal Data on behalf of an employee, representative, or family member), you warrant that you have the right to provide such Personal Data, and you and the business with which you are associated shall be fully responsible for any liability arising from any such use of Personal Data, including indemnifying Equinix from any such liability.
If you share Personal Data with us that is not your own, you agree to inform and obtain the consent from such persons to do so which may include informing your agents, employees, or any authorized personnel (e.g., contractors, partners, or authorized third parties) (i) that their Personal Data may be processed by us; and (ii) of their rights regarding the processing of their Personal Data in accordance with this Statement and Applicable Laws. You will confirm this consent when providing their Personal Data to us.
Finally, we may collect data that is not identifiable to you or otherwise associated with you, such as aggregated data, which is not Personal Data. We will not attempt to identify you from this data. To the extent that this data is not identifiable or associated with any person it is not subject to this Statement.
We may use your Personal Data for one or more of the following purposes:
(a) to provide (or evaluate providing) you, or a business or customer with which you are associated, services, and associated activities to enable their provision, including:
(i) for negotiation, execution, and management of contracts, invoicing, or commercial arrangements;
(ii) to provide access to, our IBX Data Centers or other premises;
(iii) to provide access to, or use of, our websites or portals, such as the Equinix Customer Portal, the Equinix Marketplace, and the Equinix Fabric Portal;
(iv) to provide customer or technical support services, accounting, or billing services;
(v) to provide information about our products and services, and information or news about us; and
(b) to develop or enhance our products or services;
(c) to enable you to contact us, and for us to respond to you; and to carry out, from time to time, certain satisfaction surveys about us;
(d) to support activities which we carry out to enable our business, such as marketing (based on both the data made available by you or obtained from our third-party vendors), product and service development, providing information to our investors and stakeholders, human resource management and recruiting; and
(e) to support certain internal processes to ensure protection of property and interests for us, our employees, and our customers, and enabling compliance with regulatory and legal obligations, including fraud detection, internal auditing, supporting internal and external investigations, and conducting security assessments.
Automated decision making means that certain decisions are made automatically using algorithms based on the information that you provide to us. We do not generally use your Personal Data for any automated decision making that may have a significant impact on you. If we do, we will notify you about it and you will have the right to request human intervention. We may, from time to time evaluate and implement innovations and/or conduct some of the above processing using Artificial Intelligence (AI) based technology, but will always do so:
(a) in such manner as to ensure that it does not adversely impact your rights herein; and
(b) in such manner as to comply with Applicable Laws relating to the use of such technology.
Certain jurisdictions permit processing certain types of Personal Data, such as publicly available data, more widely, or on broader bases. To the extent permissible, we may do so.
We may share your Personal Data with affiliated entities for the above purposes, other business or administrative purposes, and to enable centralized processing, or support centralized services or solutions.
We may disclose your Personal Data to:
(a) third parties when you ask us to do so (such as when you make a request for data portability); and
(b) our contracted service providers, suppliers, and third-party processors, such as third-party marketing service providers acting on our behalf and under our instructions. These providers are authorized to use your Personal Data only as necessary to provide us their services.
If we disclose your Personal Data as outlined above, we do so to facilitate the relevant services or our employment relationship with you and not for direct renumeration. Where we engage any service provider that will require access to and use of Personal Data to provide certain services for and under the instructions of Equinix, we take reasonable steps to ensure such service provider complies with Applicable Laws.
Finally, we may disclose your Personal Data if required or permitted to do so by law, where such action is reasonably necessary to comply with Applicable Laws, to enforce our agreements or other policies to protect our rights, property, or safety of our employees, customers or the public, or where the disclosure is otherwise appropriate due to safety or similar concerns. This includes sharing Personal Data with law enforcement officials, public health officials, other government authorities, insurance companies, or other third parties as necessary. This also includes sharing Personal Data with others in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business or assets by or into another company.
We may also share your Personal Data other than as described where you consent to such sharing.
If you are an xScale customer or contractor, the details of the Equinix legal entity (“Equinix Services”) and our partner (and its subsidiaries) (“Hyperscale Entities”) that are jointly responsible for the processing of Personal Data described in this Statement will be set out in your customer or vendor contract. References to ‘Equinix’ in this Statement should be read as if they were references to Equinix Services and each Hyperscale Entity, and references to ‘premises’ should be read as if they were references to xScale data centers.
Equinix Services and each Hyperscale Entity is responsible for complying with their respective obligations under applicable data protection laws, ensuring lawful transfer of your Personal Data, and fulfilling any request you may make in respect of your Personal Data.
We recommend that you direct any request in relation to your Personal Data to the Equinix Data & Privacy Office at Data&PrivacyOffice@equinix.com. However, you may make such request to Equinix Services or to any Hyperscale Entity, regardless of which entity is processing your Personal Data.
Considering the global reach of our business, we may transfer your Personal Data between our affiliated companies in the USA, North, Central and South America (AMER), Europe, Middle-East and Africa (EMEA), and Asia-Pacific regions, including locations where the data privacy legislation may differ from that in your country or jurisdiction. Any such transfer is subject to and in accordance with the Applicable Laws in the location from where such transfer is sought to take place.
We ensure that processing activities in the recipient locations are offered equivalent levels of data protection, either through Applicable Laws or technical, organizational, contractual or other legitimization measures adopted by us. These measures include the implementation of Binding Corporate Rules, as defined under European Union regulations or Applicable Laws, and entry into appropriate inter-company data transfer agreements.
When we transfer user data from the European Economic Area (EEA), United Kingdom (“UK”) and Switzerland, we do so on the basis of the necessity to fulfil our agreements with users, consent, adequacy decisions regarding the country of transfer, and transfer mechanisms such as the Standard Contractual Clauses adopted by the European Commission (and their approved equivalents for the UK and Switzerland). Such data remains subject to the General Data Protection Regulation 2016 (GDPR) or equivalent Applicable Laws after such transfer. Users may contact us regarding the above, or to request copies of applicable Standard Contractual Clauses. In the event of a conflict between this Statement and the above transfer mechanisms, the latter shall govern.
We process your Personal Data for, or based on, one or more of the following legal bases:
(a) Performance of a Contract: We may use your Personal Data to enter into, or perform under, the agreement between us and you or the business with which you are associated.
(b) Your Consent: We may process your Personal Data on the basis of your express consent. For instance, when you opt-in to receive our marketing and promotional materials, we process your Personal Data to send messages to you about us and the products and services we offer. You can withdraw your consent at any time.
(c) Legitimate Interests: We may use your Personal Data for our legitimate interests, including improving our services; providing information about our products and/or services; preventing and detecting fraud; and ensuring network and information security.
(d) Compliance with Legal Obligations and Protection of Individuals: We may use your Personal Data to comply with the law and our legal obligations, as well as to protect you and other individuals from certain harms.
(e) Other lawful bases: Where specific jurisdictions allow for processing personal data on other non-consent bases such as voluntary submission, we may process your personal data to the extent permitted under the same.
We employ reasonable and appropriate physical, technical and organizational safeguards, in accordance with Applicable Laws, to promote the security of our systems and protect your Personal Data.
Those safeguards may include: (i) encryption or other technical safeguards, (ii) taking steps to ensure Personal Data is backed up and remains available in the event of a security incident; and (iii) periodic testing, audits, certification, assessment, and evaluation of the effectiveness of our systems and processes.
However, no method of safeguarding information is completely secure. While we use measures designed to protect your Personal Data, we, unfortunately, cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit to us is or will be secure.
We retain your Personal Data for only as long as necessary to carry out the processing activities described in this Statement, or for such period as is mandated or permitted under Applicable Laws, including but not limited to: (i) provide services to you or to the business with which you are associated; (ii) to enter into or perform contracts with you or with the business with which you are associated; (iii) to comply with Applicable Laws, regulations, rules, and requests of relevant law enforcement and/or other governmental agencies; and (iv) to protect our rights, property, or safety, and the rights, property, and safety of our customers, users, and other third parties.
At the end of such period, we will delete the Personal Data from our systems and records as required under Applicable Laws
We reserve the right to change the terms of this Statement at any time. If we do make changes, though, we will take steps to indicate to you that this Statement has been updated on this website, and you should check this website regularly to see recent changes.
Some of our websites utilize “cookies” and other tracking technologies. A cookie is a small data file that certain websites place on your hard drive when you visit them. Some parts of our website use cookies to gather information about user browsing sessions so that we can analyze how our websites are used in order to make improvements to them, to personalize your browsing experience (including by offering you tailored help within a browsing session), or to serve advertising. You have choices in relation to the cookies which are used, as explained below.
Depending on your region, a pop-up window may appear the first time you visit our website, informing you that our website uses cookies and other tracking technologies, and allowing you to set your preferences for your device. Please be aware that this does not apply to strictly necessary cookies.
Tracking technologies may record information such as Internet domain and host names, IP addresses, browser software and operating system types, clickstream patterns, user journey/path analysis, abandon rates, conversion rates, and dates and times that our site is accessed. We may also record and watch user browsing sessions on our websites to understand how our websites are used. Our use of cookies and other tracking technologies allows us to improve our website and your online experience. We may also analyze information that does not contain Personal Data for trends and statistics. We may allow third-party advertisers to place and/or activate advertising cookies, pixel tags, and/or other tracking technologies. To read more about cookies, please read our Cookie Notice.
If your web browser supports Global Privacy Control (GPC), you can configure your web browser to use GPC to opt-out of personal information “sale” or “sharing” as defined in under Applicable Laws. You can find more information on enabling GPC within web browsers at the following web site: https://globalprivacycontrol.org/.
You can also set most browsers to notify you if you receive a cookie or you may choose to block cookies with your browser. Please know, though, that if you choose to delete or block your cookies, you will lose the ability to save certain preferences, such as your username and password. If you delete or block your cookies, you will, for example, need to re-enter your log-in credentials to gain access to certain parts of our website upon each visit.
Depending on Applicable Laws, you may be entitled to a variety of legal rights regarding the collection and processing of your Personal Data. You may exercise these rights, to the extent they apply to you, by contacting us as outlined in the section “How to Contact Us or Submit a Request” at the end of this Statement or by following instructions provided in communications sent to you. The Equinix Data & Privacy Office, which is a dedicated global team, shall be responsible for addressing such requests.
We may request certain additional information (that may include Personal Data) that may be reasonably required to authenticate your identity, your request, and/or to clarify or understand the scope of such requests.
These rights may vary depending on the laws of the applicable jurisdiction, but may include:
(a) the right to know if we process your Personal Data and the purposes of processing;
(b) the right to be informed about the Personal Data we collect and/or process about you;
(c) the right to learn the source of the Personal Data about you that we process;
(d) the right to access, modify, or correct Personal Data about you;
(e) the right to know the details of the persons with whom we have shared your Personal Data, including the Personal Data shared and the purposes of sharing your Personal Data;
(f) where processing of Personal Data is based on consent, the right to withdraw your consent to such processing;
(g) the right to object to decisions based on profiling or automated decision-making that produce legal or similarly significant effects on you;
(h) right to nominate a person to exercise your rights hereunder in case of death or incapacity;
(i) the right to request restriction of processing of your Personal Data or to object to processing of your Personal Data carried out pursuant to (i) our legitimate interest or (ii) performance of a task in the public interest (including, but not limited to, processing for direct marketing purposes);
(j) in certain circumstances, the right to data portability, which means that you can request that we provide certain Personal Data we hold about you in a machine-readable format;
(k) in certain circumstances, the right to erasure and/or the right to be forgotten, which means that you can request deletion or removal of certain Personal Data we process about you;
(l) the right to opt-out of the sale of your Personal Data; and
the right to lodge a complaint with a regulator, including relevant supervisory authorities, located in the jurisdiction of your residence, place of work, or where an alleged violation of law occurred.
Where required by Applicable Laws, we will respond to a valid request relating to your rights within one month of receipt, or within three months where a request is complex or challenging, or within such period as is permissible under Applicable Laws. We will inform you of such extension along with the reasons, within one month of the receipt of your request.
In certain cases, we may decline to act on your request as permitted by law. In such cases, we will provide you with a written explanation of the reasons for our decision. In such cases, you may also be able to contact the relevant regulator or authority under Applicable Laws.
If you are located in the European Union or European Economic Area or the UK respectively, please refer to our Complaints Mechanism and Complaints Handling Policy, as described in our respective EU or UK Binding Corporate Rules (“BCRs”) for further details regarding how we respond to your requests.
We respect your rights, and we will never discriminate or retaliate against you or the business with which you are associated as a result of your exercise of any right outlined in this Statement or afforded to you under Applicable Laws.
Insofar as your requests impact our ability to carry out necessary processing, we may be unable to continue providing one or more services (or engage in one or more activities) in relation to you, or to the business you represent.
You have choices about how we communicate with you and how we process certain Personal Data about you.
(a) Communications Opt-Out. You may opt out of receiving marketing or other communications from us at any time by following this opt-out link or other unsubscribe instructions provided in any email that you receive from us, or by contacting us as outlined in the section “How to Contact Us or Submit a Request” at the end of this Statement.
(b) Cookies and Web Tracking. Consult our Cookie Notice for more information about how to control and/or opt out of certain cookies and web tracking technologies.
(a) Collection of Personal Information from Minors. We do not knowingly collect Personal Data from children under the age of 18. By using our services, you represent that you are 18 (eighteen) years of age or older. Where you become aware that anyone under such age is engaged with us, kindly contact us.
(b) Third-Party Websites and Services. As a convenience, we may refer to or provide links to third-party websites and services, including those of unaffiliated third parties, our affiliated companies, service providers, and third parties with whom we do business. When you access these third-party services, you leave our website, and we are not responsible for, and do not control, the content, security, or privacy practices employed by any third-party websites and services. This Statement does not apply to any third-party services; please refer to the privacy notices or policies for such third parties for information about how they collect, use, and process your Personal Data.
(c) Business Transfer. We may, in the future, sell or otherwise transfer some or all of our business, operations, or assets to a third party, whether by merger, acquisition, slump sale, or otherwise in accordance with Applicable Laws. We may disclose your Personal Data to any potential or actual third-party acquirers, and it may be among the assets transferred.
To facilitate our compliance with Applicable Laws, and to ensure strong and consistent support for our privacy practices within Equinix globally, we have established the Equinix Data & Privacy Office to manage privacy compliance for Equinix and coordinate with our customers and any data subjects on privacy matters. If you have any query or complaint about this Statement or our privacy practices, you would like to contact our Data Protection Officer in any relevant jurisdiction, or if you wish to exercise any of your rights hereunder you may contact us at any time using the following contact information:
In case of any unsatisfactory response or lack of resolution, you may also have the right to approach the appropriate regulator in the relevant jurisdiction as per Applicable Laws. If you ask us, we will endeavor to provide you with information about the relevant complaint avenues that may apply to your circumstances.
If you are located in the European Union/European Economic Area or UK, you can file a complaint with our lead supervisory authority, the Autoriteit Persoonsgegevens in the Netherlands, the Information Commissioner's Office in the UK, or with another local supervisory authority.
If you are located in Africa, you can file a complaint with the Nigeria Data Protection Commission in Nigeria, the Data Protection Commission in Ghana, the L'Autorité de Régulation des Télécommunications/TIC de Côte d'Ivoire in Cote d’Ivoire, the Information Regulator in South Africa, or with such other applicable supervisory authority.
We take measures to ensure our proprietary and confidential information remains private, and are committed to the state of the art, in-house physical access security, which includes best-in-class processes and procedures and cutting-edge technologies. To that end, we maintain a security system to regulate access to our secure locations, such as our IBX Data Centers. The security system limits access to such locations to our authorized employees, customers, agents, contractors, vendors, and third-party business partners (“Authorized Person”).
Our security system utilizes certain data that may be considered biometric data under Applicable Laws for the purpose of authenticating some Authorized Persons’ identity and allowing those Authorized Persons’ access to our secure locations. We have published this Statement to provide notice to Authorized Persons and ensure such potential biometric data is reasonably safeguarded and not retained for longer than necessary. This Statement governs the collection, use, retention, and destruction of the potential biometric data we may collect in Illinois and is available to all our employees and the public in the Policy available on our website for the United States of America.
Because such potential biometric data is collected during the identity verification and authentication process, this Policy is intended to comply with applicable federal, state, and local laws, including but not limited to the Illinois Biometric Information Privacy Act.
Collection of Potentially Biometric Data.
Among the measures taken by us to protect our secure locations, is the use of hand or finger scanning devices, which, along with an Authorized Person’s unique passcode, authenticate the Authorized Person’s identity. We collect hand or finger scan data to enroll the Authorized Person and provide such person with biometrically authenticated access.
Depending on the security system in operation at the IBX Data Center, the scanning technology measures certain aspects of an Authorized Person’s hand or finger, which are then immediately converted to an encrypted mathematical file (template) based on the distinct characteristics of the hand or finger. The template will then either be stored on a smart card, which we will issue to the Authorized Person, or we will store it on a secure database owned and maintained by us. No handprints or fingerprints are retained after we create the template.
Before collecting an Authorized Person’s hand or finger scan data for creating the template, we obtain a signed consent and written release from the Authorized Person or the Authorized Person’s legally authorized representative to obtain and use the hand or finger scan data as outlined in this Policy. We will consider requests from an Authorized Person on an individual basis for accommodation or exemption—in whole or in part—from this Policy.
Use of Potential Biometric Data.
Where required to access an IBX Data Center, an Authorized Person must present their unique personalized passcode and provide a non-intrusive hand or finger scan, or the smart card that contains the template, as applicable to the security system in operation at the IBX Data Centers. We will use the associated template solely for purposes of authenticating the Authorized Person’s identity to enable access one of our secure locations. The template derived from the Authorized Person’s hand or finger scan is compared with the template associated with the Authorized Person’s passcode during the initial enrollment process to verify and authenticate the Authorized Person’s identity.
How We Provide Access to Potential Biometric Data
We utilize software and hardware sourced from third party vendors in connection with our security system; however, no third party has access to the templates except as otherwise detailed in this Policy. We will not sell, lease, trade or otherwise profit from an Authorized Person’s templates. Likewise, we will not disclose, re-disclose or otherwise disseminate templates without an Authorized Person’s consent unless required: (1) by any state law, federal law or municipal ordinance; or (2) by valid warrant or valid subpoena issued by a court of competent jurisdiction.
How We Store Potentially Biometric Data
The data obtained from an Authorized Person’s hand scan are converted to an encrypted mathematical file that is then securely retained on applications and infrastructure owned and maintained by us. All templates obtained from an Authorized Person’s finger scan are stored on a smart card, which we will issue to the Authorized Person, and are not stored by us.
How We Retain, Safeguard, and Destroy Potentially Biometric Data
Unless otherwise required by law, we will retain an Authorized Person’s templates until the earlier of the following occurs:
(a) When an Authorized Person’s Equinix Customer Portal profile is removed;
(b) An Authorized Person’s IBX Data Center access is removed;
(c) One year following an Authorized Person’s last access to a secure location using biometric data; or
(d) Upon request to the Equinix Data & Privacy Office from the Authorized Person to permanently destroy the template.
We will permanently destroy an Authorized Person’s template upon expiration of the above-outlined time periods.
During the time of retention, we will store and safeguard the Authorized Person’s template using the reasonable standard of care within the industry, and in a manner equally protective as that in which we store, transmit, and protect other confidential and sensitive data, including Personal Data.
How to Contact Us
If you as an Authorized Person have questions or concerns about this Policy, please contact the site manager or the Equinix Security Desk, who will refer the question to our appropriate representative, or contact us at Data&PrivacyOffice@equinix.com or +1.866.977.3749.
Updates to this Policy
We reserve the right to amend this Policy at any time for any reason.
If any provision of this Policy or any part thereof contravenes any Applicable Laws, or if the operation of any provision is determined by Applicable Laws or otherwise to be unenforceable, then such offending provision or part thereof shall be severed, and the remaining provisions given full force and effect.
Any legal disputes, claims, controversies or disagreements arising out of or relating to this Policy or our procedures relating to Authorized Person’s biometric data (“Claim”) shall be resolved by binding arbitration instead of the courts. All Claims may be brought only in the Authorized Person's individual capacity, and not as plaintiff, claimant or class member in a class, collective or other representative or joint proceeding. Arbitration is the exclusive form for the resolution of such Claims, and both Authorized Persons and we mutually waive our respective right to a trial before a judge or jury in federal or state court. The arbitration will be administered by the American Arbitration Association in accordance with its rules and procedures in force and shall be confidential.