Privacy Statement

Personal Data is any information that enables us to identify you and that is related to an identified or identifiable natural person (also known as a “Data Subject”), such as a name, an identification number, location data, or an online identifier. In some jurisdictions (e.g., Switzerland), data protection and privacy laws also apply to identified or identifiable legal persons.

We may collect Personal Data from you and about you from a variety of sources. We strive to only collect Personal Data that is adequate, relevant, and limited to achieve the purpose(s) for which it was collected. In addition, we strive to keep all Personal Data accurate, complete, and reliable for its intended need, and we only retain your Personal Data for as long as necessary to achieve the purpose(s) for which it was collected, as explained more fully in the section “How Long We Retain Your Personal Data”. Finally, we may, from time to time, provide you with supplemental information at the time we collect your Personal Data to address unique or situational collection needs.

Examples of the ways in which we collect your Personal Data include:
 

• Information You Share with Us. We collect Personal Data when you provide it to us directly, such as through our business interactions with you; when you visit one of our office locations or IBX Data Centers; when you provide it to us throughout an employment or pre-employment relationship; when you respond to a survey that we sent you; or when you interact with us on our website, our online customer portals, or through social media.
  
  For example, if you visit one of our office locations, we may ask that you provide us your first and last name, business association, and email address in order to identify you as a visitor. Likewise, when you visit one of our IBX Data Centers, we may require you to provide us your first and last name, business association, job title or position, telephone number, email address, photo, and certain biometric information, such as a hand scan or other biometric-assessment technology developed in the future that Equinix may adopt.
  
  Likewise, if you contact us with questions, requests, or complaints, we may collect Personal Data sufficient to answer your questions, address your requests, and/or handle your complaints. We may also require you to provide Personal Data to authenticate your identity in order to answer your questions, address your requests, and/or handle your complaints.
  
  
• Information Collected through a Representative. We collect Personal Data when a representative from an organization or company with which you are associated provides it to us directly, such as through the provision of access credentials to our customer portals.
  
  Equinix provides several online accounts for its customers to provide a variety of services. These online accounts include the customer portals such as the Equinix Customer Portal, the Equinix Marketplace Portal, and the Equinix Fabric Portal (not an exhaustive list; collectively, the “Equinix Portals”, “Customer Portal(s)” or “Portal(s)”). Each Portal requires individualized access credentials in order to log in, which are provisioned based on your first and last name, email address, business telephone number, and the company or organization with which you are associated.  We also use automated technologies to improve your experience of the Portals (see “Information Collected Automatically” below).
  
  For example, the Equinix Customer Portal allows registered Equinix customers to purchase additional Equinix Licensed Space and Services (as defined within relevant agreements with us) and to gain access to relevant information about the customer’s business relationship with Equinix. If you are associated with an Equinix customer that has access to the Equinix Customer Portal, a representative from your organization may provide us with your first and last name, business telephone number, and email address in order for us to provide you access credentials.
  
  
• Information Collected Automatically. We collect Personal Data automatically when you visit our website through logging and analytics tools, cookies, and as a result of your use of and access to our Portals.  More information about cookies and similar technologies used in our websites (including our Portals) can be found in the section “Cookies and Other Tracking Technologies” below.
  
  Personal Data that we automatically collect may include the software and hardware attributes of the device you use to access our website and online services (such as our online employee or customer portals); unique device identification information; regional and language settings; performance data about our website and online services; network provider; and IP address (a number assigned to your device when you use the Internet).
  
  Location Information: If you permit us to access information about your location (including global positioning system or general location information derived from the network you use to access the Services), we collect the precise or general location information provided by your device to appropriately tailor certain regional settings, such as preferred language.
  
  Cookies, Web Tracking, and Advertising: We use cookies to personalize and enhance your experience online, to collect data about your visit to our website, to help diagnose problems with our servers, to administer our website and our online services, to evaluate the effectiveness of our marketing and advertising campaigns, and to permit analytics providers to gather information about your visit.
  
  Please see our Cookie Notice for more information about cookies and other web tracking technologies that we utilize; for information about how you can reject, delete, or prevent cookies from being placed on your system or device; and how you can opt out of, limit, or prevent certain web tracking technologies from collecting information about you.
  
  
• Information Obtained from Third Parties. We collect Personal Data from third-party sources, including our service providers, such as Google Analytics and Google Adwords, Demandbase, Marketo, and Techtarget; through your interactions with us on social media; through industry, marketing, or trade associations events; and through database providers, public agencies, or credit bureaus.
  
  For example, if you attend an industry conference and allow the association to publish your Personal Data, we may collect information, such as your name, the business with which you are associated, your job title or position, and your email address. Likewise, if you apply for employment with us, we may perform certain diligence efforts that include collecting your Personal Data from public agencies and/or credit bureaus.
  
  In addition, if you choose to interact with us or our partners on social media by posting to our pages, tagging us (or using certain hashtags or other identifiers) in posts, or participating in activities, we may collect Personal Data from the social media account you use to interact with us, including the name associated with the account, the account handle, recent activity, the content of any posts in which we are tagged, and other information that may be contained on your social media profile to allow us to respond to the posts and understand and engage with our audience.

You have choices about certain information we collect. When you are asked to provide your Personal Data, you may decline to do so; but if you choose not to provide your Personal Data that is necessary for us to provide any aspect of our services, you may not be able to use those services.

Moreover, to the extent that Personal Data you share with us is not your own (because, for example, you are a representative of an Equinix customer), you warrant that you have the right to provide such Personal Data, and you and the business with which you are associated shall be fully responsible for any liability arising from any such use of Personal Data, including indemnifying Equinix from any such liability. If you share Personal Data with us that is not your own, you agree to inform your agents, employees, or any authorized personnel (e.g., contractors, partners, or authorized third parties) (i) that their Personal Data may be processed by us; and (ii) of their rights regarding the processing of their Personal Data in accordance with this Privacy Statement and applicable data privacy and protection law.

Finally, we may collect data that is not identifiable to you or otherwise associated with you, such as aggregated data, which is not Personal Data. To the extent this data is stored or associated with your Personal Data, we will treat it as Personal Data; otherwise, it is not subject to this Privacy Statement.

We may use your Personal Data for one or more of the following business purposes:

• to provide you or the business with which you are associated with certain personalized services, including negotiation, execution, and management of customer contracts, as well as access to and use of our IBX Data Centers, our intranet, and our Portals, such as the Equinix Customer Portal, the Equinix Marketplace, and the Equinix Fabric Portal;
• to support our internal activities, such as marketing, product and service development, dissemination of investor information, and recruiting;
• to support our relationship with you and the business with which you are associated, including customer or technical support services, and accounting and billing services;
• to support certain internal processes to ensure protection of property and interests for both Equinix and its customers, including fraud detection, internal auditing, supporting internal and external investigations, and conducting security assessments;
• to inform you or the business with which you are associated of our products and services, and provide you with our latest information and news about us;
• to enable you to contact us, and for us to respond to you;
• to carry out, from time to time, certain satisfaction surveys about us; and
• to analyze the use of our website or our online services (such as our Portals and our customer service) by you in order to develop and enhance the services we may provide to you and the business with which you are associated.

In addition to the uses outlined above, you may also upload additional Personal Data to certain Equinix Portals, such as a photograph of yourself or other representatives from your organization. This feature is completely voluntary, and Equinix will only use that Personal Data in connection with the purpose for which it was collected.

We will not disclose your Personal Data to any third party except as follows:

• We may share your Personal Data with our affiliated companies.
• We may share your Personal Data with third parties when you ask us to do so (such as when you make a request for data portability).
• We may share your Personal Data with our contracted service providers, suppliers, and third-party processors, such as third-party marketing service providers acting on our behalf and under our instructions. These providers are authorized to use your Personal Data only as necessary to provide us their services.

We do not sell your Personal Data to any third parties, whether for monetary or other valuable consideration, and have not done so in the prior 12 months. If we disclose your Personal Data as outlined above, we do so to facilitate the relevant services or our employment relationship with you and not for direct renumeration. Where we engage any service provider that will require access to and use of Personal Data to provide certain services for and under the instructions of Equinix, we take reasonable steps to ensure such service provider complies with applicable data protection and privacy laws.

Finally, we reserve the right to disclose your Personal Data if required to do so by law, in the good faith belief that such action is reasonably necessary to comply with applicable law, or to protect the rights, property, or safety of Equinix, its employees, customers, or the public.

If you are an xScale customer or contractor, the details of the Equinix legal entity (“Equinix Services”) and our partner (and its subsidiaries) (“Hyperscale Entities”) that are jointly responsible for the processing of Personal Data described in this notice will be set out in your customer or vendor contract. References to "Equinix" in this notice should be read as if they were references to Equinix Services and each Hyperscale Entity, and references to "premises" should be read as if they were references to xScale data centers.  Equinix Services and each Hyperscale Entity is responsible for complying with its respective obligations under applicable data protection laws, ensuring the lawful transfer of your Personal Data, and fulfilling any request you may make in respect of your Personal Data. We recommend that you direct any request to the Equinix Privacy Office at PrivacyOffice@equinix.com. However, you may make such request to Equinix Services or to any Hyperscale Entity, regardless of which entity is processing your personal data.

Considering the global reach of our business, we may transfer your Personal Data between our affiliated companies in the Americas, EMEA, and Asia-Pacific regions, including locations where the data privacy legislation may differ from that in your country or jurisdiction. In addition, we may transfer your Personal Data to certain contracted service providers, as outlined in the section “Disclosure of Your Personal Data to Third Parties”, to a region where the data privacy legislation may differ from that in your country or jurisdiction.

However, we have in place appropriate transfer legitimization measures to ensure the validity of Personal Data transfers to countries in which there is not a similar level of protection as required under applicable data protection laws. Those transfer legitimization measures include the implementation of Binding Corporate Rules (enacted October 2019), as defined under European Union regulations, and entry into appropriate inter-company data transfer agreements based on the European Standard Contractual Clauses.

We process your Personal Data for, or based on, one or more of the following legal bases:

• Your Consent. When you opt-in to receive our marketing and promotional materials, we process your Personal Data to send messages to you about us and the products and services we offer. You can withdraw your consent at any time.
• Performance of a Contract. We may use your Personal Data to enter into, or perform under, the agreement between us and you or the business with which you are associated.
• Legitimate Interests. We may use your Personal Data for our legitimate interests, including improving our services; providing information about our products and/or services; preventing and detecting fraud; ensuring network and information security; and for administrative and legal compliance purposes.
• Compliance with Legal Obligations and Protection of Individuals. We may use your Personal Data to comply with the law and our legal obligations, as well as to protect you and other individuals from certain harms.

We employ reasonable and appropriate physical, technical, and organizational safeguards designed to promote the security of our systems and protect the confidentiality, integrity, availability, and resilience of your Personal Data. Those safeguards include: (i) the encryption of personal information where we deem appropriate; (ii) the deployment of technical safeguards; (iii) taking steps to ensure Personal Data is backed up and remains available in the event of a security incident; and (iv) periodic testing, assessment, and evaluation of the effectiveness of our safeguards.

However, no method of safeguarding information is completely secure. While we use measures designed to protect your Personal Data, we, unfortunately, cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit to us is or will be secure.

We retain your Personal Data for only as long as necessary to carry out the processing activities described in this Privacy Statement, including but not limited to: (i) to provide services to you or to the business with which you are associated; (ii) to enter into or perform contracts with you or with the business with which you are associated; (iii) to comply with applicable laws, regulations, rules, and requests of relevant law enforcement and/or other governmental agencies; and (iv) to protect our rights, property, or safety, and the rights, property, and safety of our customers, users, and other third parties.

For Equinix customers, upon the expiry or earlier termination of the business relationships, we will archive Personal Data to preserve evidence and/or fulfill retention requirements under applicable laws or regulations. At the end of such archiving period (namely at the expiry of applicable statutes of limitation and/or minimum record retention requirements), we will delete the Personal Data from our systems and records.

We reserve the right to change the terms of this Privacy Statement at any time. If we do make changes, though, we will take steps to indicate that the Privacy Statement has been updated on this website.

Some of our websites utilise “cookies” and other tracking technologies. A cookie is a small data file that certain websites place on your hard drive when you visit them. A cookie file can contain information such as a user ID, which the site uses to track the pages you’ve visited, but the only Personal Data a cookie can contain is information you supply yourself. A cookie cannot read data off your hard disk or read cookie files created by other sites. Some parts of our website use cookies to gather information about user browsing sessions so that we can analyse how our websites are used in order to make improvements to them, to personalize your browsing experience (including by offering you tailored help within a browsing session), or to serve advertising. You have choices in relation to the cookies which are used, as explained below. Equinix does not share this information or sell it to any third party.

When you first navigate to an Equinix website, you will be given the opportunity to consent to certain cookies used by us, based on the purposes for which those cookies are used. Please note that some cookies—known as “strictly necessary” cookies—are essential in order for the website to function properly, and it is not possible to refuse these cookies.

You can also set most browsers to notify you if you receive a cookie or you may choose to block cookies with your browser. Please know, though, that if you choose to delete or block your cookies, you will lose the ability to save certain preferences, such as your username and password. If you delete or block your cookies, you will, for example, need to re-enter your log-in credentials to gain access to certain parts of our website upon each visit.

Tracking technologies may record information such as Internet domain and host names, IP addresses, browser software and operating system types, clickstream patterns, user journey / path analysis, abandon rates, conversion rates, and dates and times that our site is accessed.  We may also record and watch user browsing sessions on our websites to understand how our websites are used. Our use of cookies and other tracking technologies allows us to improve our website and your online experience. We may also analyse information that does not contain Personal Data for trends and statistics. To read more about cookies, please read our Cookie Notice.

Depending on applicable data protection and privacy laws, you may be entitled to a variety of legal rights regarding the collection and processing of your Personal Data. You may exercise these rights, to the extent they apply to you, by contacting us as outlined in the section “How to Contact Us or Submit a Request” at the end of this Privacy Statement or by following instructions provided in communications sent to you.

Note, however, that we may request certain reasonable additional information (that may include Personal Data) to help us authenticate your identity, your request, and/or to clarify or understand the scope of such requests.

These rights vary depending on the particular laws of the jurisdiction applicable to you, but may include:

• the right to know whether, and for what purposes, we process Personal Data;
• the right to be informed about the Personal Data we collect and/or process about you;
• the right to learn the source of the Personal Data about you that we process;
• the right to access, modify, or correct Personal Data about you;
• the right to know with whom we have shared your Personal Data, for what purpose, and what Personal Data has been shared;
• where processing of Personal Data is based on consent, the right to withdraw your consent to such processing;
• the right to object to decisions based on profiling or automated decision-making that produce legal or similarly significant effects on you;
• the right to request restriction of processing of your Personal Data or to object to processing of your Personal Data carried out pursuant to (i) our legitimate interest or (ii) performance of a task in the public interest (including, but not limited to, processing for direct marketing purposes);
• in certain circumstances, the right to data portability, which means that you can request that we provide certain Personal Data we hold about you in a machine-readable format;
• in certain circumstances, the right to erasure and/or the right to be forgotten, which means that you can request deletion or removal of certain Personal Data we process about you;
• the right to opt-out of the sale of your Personal Data (please note, though, that we do not sell your Personal Data); and
• the right to lodge a complaint with a regulator, including relevant supervisory authorities, located in the jurisdiction of your residence, place of work, or where an alleged violation of law occurred.

Where required by applicable law, we will respond to a valid request relating to your rights within one month of receipt, or within three months where a request is complex or challenging.

We respect your rights, and we will never discriminate or retaliate against you or the business with which you are associated as a result of your exercise of any right outlined in this Privacy Statement or afforded to you under applicable law.

You have choices about how we communicate with you and how we process certain Personal Data about you.

•  Communications Opt-Out. You may opt out of receiving marketing or other communications from us at any time by following this opt-out link or other unsubscribe instructions provided in any email that you receive from us, or by contacting us as outlined in the section “How to Contact Us or Submit a Request” at the end of this Privacy Statement.
• Cookies and Web Tracking. Consult our Cookie Notice for more information about how to control and/or opt out of certain cookies and web tracking technologies.

If you are a California resident, you have the right to request and obtain from us a list of what personal information we have disclosed to third parties for their own direct marketing purposes in the preceding calendar year, but please note that we do not disclose your Personal Data, protected under the law, to third parties for their own direct marketing purposes.

• Collection of Personal Information from Minors. We do not knowingly collect Personal Data from children under the age of 16. By using our services, you represent that you are 18 years of age or older.
• Third-Party Websites and Services. As a convenience, we may reference or provide links to third-party websites and services, including those of unaffiliated third parties, our affiliated companies, service providers, and third parties with which we do business. When you access these third-party services, you leave our website, and we are not responsible for, and do not control, the content, security, or privacy practices employed by any third-party websites and services. This Privacy Statement does not apply to any third-party services; please refer to the privacy notices or policies for such third parties for information about how they collect, use, and process your Personal Data.
• Business Transfer. We may, in the future, sell or otherwise transfer some or all of our business, operations, or assets to a third party, whether by merger, acquisition or otherwise. We may disclose Personal Data we obtain from or about you to any potential or actual third-party acquirers, and it may be among the assets transferred.

To facilitate our compliance with applicable data privacy and protection laws, such as the EU’s General Data Protection Regulation or the California Consumer Privacy Act, and to ensure strong and consistent support for our privacy practices within Equinix globally, we have established a Privacy Office to manage privacy compliance for Equinix and to coordinate support for our customers on privacy matters.

If you have any query or complaint about this Privacy Statement or our privacy practices, or if you wish to exercise any of your rights, you may contact us at any time using the following contact information:

• Email: PrivacyOffice@equinix.com
• Telephone: +1.866.977.3749

If you are located in the European Union or European Economic Area, and you wish to raise a concern regarding our privacy practices, you have the right to do so with your local supervisory authority or with our lead supervisory authority, the Autoriteit Persoonsgegevens in the Netherlands, via its website https://autoriteitpersoonsgegevens.nl/en.

Equinix, Inc. (the “Company”, “we”, or “us”) takes measures to ensure its proprietary and confidential information remains private, and is committed to state of the art, in-house physical access security, which includes best-in-class processes and procedures and cutting-edge technology.  To that end, we maintain a security system for access to our secure locations, such as one of our International Business Exchange Centers (“IBX Centers”).  The system limits access to such locations to authorized employees, customers, agents, contractors, vendors, and third-party business partners of the Company (“Authorized Person”).

The Company’s security system utilizes certain data that may be considered biometric data under applicable laws for the purpose of authenticating some Authorized Persons’ identity and allowing those Authorized Persons access to a Company secure location.  The Company has developed and published this policy to provide notice to Authorized Persons and ensure such potentially biometric data is reasonably safeguarded and not retained for longer than necessary.  This policy governs the collection, use, retention, and destruction of the potentially biometric data we may collect in Illinois and is available to all Company employees and the public in the Privacy Statement section at the Company’s U.S. website.

Because such potentially biometric data is collected during the identity verification and authentication process, this policy is intended to comply with applicable federal, state, and local laws, including but not limited to the Illinois Biometric Information Privacy Act.

Collection of Potentially Biometric Data.

Among the measures taken by the Company to protect its secure locations is the use of hand or finger scanning devices, which, along with an Authorized Person’s unique passcode, authenticate the Authorized Person’s identity. We collect hand or finger scan data to enroll you and provide you with biometrically authenticated access.

Depending on the security system in operation at the IBX Center, the scanning technology measures certain aspects of an Authorized Person’s hand or finger, which are then immediately converted to an encrypted mathematical file (template) based on the distinct characteristics of the hand or finger.  The template will then either be stored on a smart card, which we will issue to you, or we will store it on a secure database owned and maintained by the Company. No handprints or fingerprints are retained after we create the template.

Before collecting an Authorized Person’s hand or finger scan data and creating a template, the Company obtains a signed consent and written release from the Authorized Person or the Authorized Person’s legally authorized representative to obtain and use the hand or finger scan data as outlined in this policy.  The Company will consider requests from an Authorized Person on an individual basis for accommodation or exemption—in whole or in part—from this policy.

Use of Potentially Biometric Data.

Where required to access an IBX Center, an Authorized Person must present their unique personalized passcode and provide a non-intrusive hand or finger scan, or the smart card that contains the template, as applicable to the security system in operation at the IBX Center.  The Company will use the associated template solely for purposes of authenticating an Authorized Person’s identity to access one of our secure locations.  The template derived from the Authorized Person’s hand or finger scan is compared with the template associated with the Authorized Person’s passcode during the initial enrollment process to verify and authenticate the Authorized Person’s identity.

How We Provide Access to Potentially Biometric Data.

The Company utilizes software and hardware in connection with its security system sourced from third party vendors; however, no third party has access to the templates except as otherwise detailed in this policy.  The Company will not sell, lease, trade or otherwise profit from an Authorized Person’s templates. Likewise, the Company will not disclose, re-disclose or otherwise disseminate templates without an Authorized Person’s consent unless required: (1) by any state law, federal law or municipal ordinance; or (2) by valid warrant or valid subpoena issued by a court of competent jurisdiction.

How We Store Potentially Biometric Data.

The data obtained from an Authorized Person’s hand scan are converted to an encrypted mathematical file that is then securely retained on applications and infrastructure owned and maintained by the Company.  All templates obtained from an Authorized Person’s finger scan are stored on a smart card, which we will issue to you, and are not stored by the Company.

How We Retain, Safeguard, and Destroy Potentially Biometric Data.

Unless otherwise required by law, the Company will retain an Authorized Person’s templates until the earlier of the following occurs:

• When an Authorized Person’s Equinix Customer Portal (“ECP”) profile is removed;
• An Authorized Person’s IBX Center access is removed;
• One year following an Authorized Person’s last access to a secure location using biometric data; or
• Upon request to the Equinix Privacy Office from the Authorized Person to permanently destroy the template. 

The Company will permanently destroy an Authorized Person’s template upon expiration of the above-outlined time periods.

During the time of retention, the Company will store and safeguard the Authorized Person’s template using the reasonable standard of care within the industry, and in a manner equally protective as that in which the Company stores, transmits, and protects other confidential and sensitive data.

How to Contact Us.

If you have questions or concerns about this policy, please contact the site manager or the Equinix Security Desk, who will refer the question to the appropriate Company representative, or contact us at PrivacyOffice@equinix.com or +1.866.977.3749.

Updates to this Policy.

The Company reserves the right to amend this policy at any time for any reason.

If any provision of this policy or any part thereof contravenes any appliable law, or if the operation of any provision is determined by applicable law or otherwise to be unenforceable, then such offending provision or part thereof shall be severed, and the remaining provisions given full force and effect.

Any legal disputes, claims, controversies or disagreements arising out of or relating to this Illinois Biometric Data Policy or the Company’s procedures relating to Authorized Person’s biometric data (“Claim”) shall be resolved by binding arbitration instead of the courts.  All Claims may be brought only in the User’s individual capacity, and not as Plaintiff, claimant or class member in a class, collective or other representative or joint proceeding.  Arbitration is the exclusive form for the resolution of such Claims, and both the Company and Authorized Persons mutually waive their respective right to a trial before a judge or jury in federal or state court.  The binding arbitration will be administered by the American Arbitration Association (“AAA”) in accordance with its rules and procedures then in effect, and shall be confidential.