Appendix I: General Data Protection Regulation 2016/679 (“GDPR”).

  1. Scope.
    If you are a resident of the European Union (“EU”) and we process data about you that might be considered Personal Information under the GDPR, this Appendix shall apply.
  2. Your rights as a Data Subject.
    You have the rights indicated in Section 7 in accordance with the provisions of the GDPR. You also have the following rights:

     

    1. Right to restriction of processing.
      You have the right to restrict us from processing all or some of your Personal Information, temporarily or permanently.
    2. Right to data portability.
      You have the right to request us a copy of your Personal Information in an electronic format, along with the right to transmit such data to another controller.
    3. Right to not be subject to automated decision-making.
      You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
    4. Right to withdraw your consent.
      At any time, you have the right to withdraw the consent you have given us to carry out the processing of your Personal Information.
  3. How to exercise your rights.
    We shall take all the appropriate measures to provide you with any information you have requested in a concise, transparent, intelligible, and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child.
    We shall answer your request within 1 month of the date on which it was received. Please bear in mind that –in certain situations (e.g. the complexity of your request)– we may extend the term by 2 additional months. In such case, we will inform you within the original 1-month term.
  4. Restrictions to your rights.
    Please note that the exercise of your rights is subject to certain restrictions pursuant to the EU and/or EU Member’s local law, as indicated in Section 23 of GDPR. In addition, if we are not in a position to identify you, then we shall not facilitate the exercise of your rights.
    Please note that, if you exercise your right to withdraw your consent, such withdrawal will not affect the lawfulness of the processing carried out before you exercise this right.
  5. Sensitive Personal Information.
    Under the GDPR, Personal Information is considered sensitive if it reveals:

     

    1. Racial or ethnic origin.
    2. Political opinions.
    3. Religious or philosophical beliefs.
    4. Trade union membership.
    5. Genetic or biometric data for the purpose of uniquely identifying a natural person.
    6. Data concerning health or data concerning a natural person’s sex life or sexual orientation.
  6. We will process your Sensitive Personal Information only if one of the conditions set forth under section 9 of the GDPR applies.
  7. Use of our services by children.
    Under the GDPR, the processing of Personal Information related to a child is lawful if the child is at least 16 years old. If the child is under 16 years old, processing will only be lawful if the consent is given or authorized by the child’s holder of parental responsibility, and to the extent of such consent. That’s why, whenever possible, we try to make reasonable efforts to verify consent is given or authorized by the holder of parental responsibility over the child, as permitted by available technology.
  8. How secure is your Personal Information.
    We design our systems with your security and privacy in mind. We are firmly committed to the security of your Personal Information. That is why we implement appropriate technical and organizational measures to protect your Personal Information. In case of a data breach, we will notify you without undue delay about it, in clear and plain language, pursuant to section 34 of the GDPR. We will inform you about the nature of the Personal Information affected and the security measures we have taken to tackle this breach. Please note that certain exceptions may apply (e.g.: we shall not inform you about the data breach if we implemented appropriate technical and organizational protection measures, and those measures were applied to the Personal Information affected by the data breach, in particular, those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption; we shall not communicate you about the data breach if we have taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialize, etc.).

Appendix II: California Privacy Rights Act (“CPRA”).

  1. Scope.
    If you are a resident of California and we process data about you that might be considered Personal Information under the CPRA, this Appendix shall apply.
  2. Your rights as a Data Subject.
    You have the rights indicated in Section 7 in accordance with the provisions of the CPRA.
  3. How to exercise your rights.
    We shall take all the appropriate measures to provide you with any information you have requested.
    We shall answer your request within 45 days from the date on which your request was received. Please bear in mind that –in certain situations (e.g. the complexity of your request)– we may extend the term by 45 additional days. In such case, we will inform you within the original 45-day term, together with the reasons for the extension.
  4. Restrictions to your rights.
    Please note that the exercise of your rights is subject to certain restrictions pursuant to the CPRA. (e.g. we shall not delete your personal information if it is necessary to: a) complete the transaction for which the personal information was collected; b) help to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for those purposes; c) to comply with a legal obligation, etc.; in case your request is manifestly unfounded or excessive, we may either charge you with a reasonable fee taking into account the administrative costs of providing the information or refuse to act on the request and notify you the reason for refusing your request, etc.).
  5. Sensitive Personal Information.
    Under the CPRA, Personal Information is considered sensitive in the following cases:
    1. Personal Information that reveals:
      1. A consumer’s social security, driver’s license, state identification card, or passport number.
      2. A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
      3. A consumer’s precise geolocation.
      4. A consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership.
      5. The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication.
      6. A consumer’s genetic data.
    2. The processing of biometric information for the purpose of uniquely identifying a consumer.
    3. Personal Information collected and analyzed concerning a consumer’s health.
    4. Personal Information collected and analyzed concerning a consumer’s sex life or sexual orientation.
  6. Use of our services by children.
    Under the CPRA, a child is any natural person who is under 16 years old. Please note that, under the CPRA, the child’s parents and/or legal guardian may exercise the rights described above on behalf of the child. That’s why –in case we receive a request from a child’s parent and/or legal guardian–, we will both analyze and reply to it within the legal terms granted by the CPRA.

Appendix III: Virginia Consumer Data Privacy Act (“VCDPA”).

  1. Scope.
    If you are a resident of the Commonwealth of Virginia and we process data about you that might be considered Personal Information under the VCDPA, this Appendix shall apply.
  2. Your rights as a Data Subject.
    You have the rights indicated in Section 7 in accordance with the provisions of the VCDPA. You also have the following rights:

     

    1. Right to receive a copy of your personal information.
      You have the right to request a copy of the Personal Information we have collected about you in a portable and, to the extent technically feasible, readily usable format to allow you to transmit your Personal Information to another entity without hindrance if the processing is carried out by automated means.
    2. Right to opt-out of the processing of Personal Information for purposes of targeted advertising and profiling.
      Jointly with the right to opt-out of the sale or sharing of your Personal Information, you have the right to opt-out of the processing of your Personal Information for purposes of targeted advertising and profiling in furtherance of decisions that produce legal or similarly significant effects to you.
  3. How to exercise your rights.
    We shall take all the appropriate measures to provide you with any information you have requested.
    We shall answer your request within 45 days from the date on which it was received. Please bear in mind that –in certain situations (e.g. the complexity of your request)– we may extend the term by 45 additional days. In such case, we will inform you within the initial 45-day term together with the reasons for the extension.
    In case we decline your request, we will inform you no later than 45 days from the date on which your request was received. If you want to appeal our decision, send your appeal request to the following address info@nextleveltech.com with the header “Appeal to Denial of Request”.
    We will answer your appeal within 60 days from the date on which it was received, which will include a written explanation for the decision taken. If we deny your appeal, you may contact Virginia’s Attorney General to submit a complaint by visiting https://www.virginia.gov/agencies/office-of-the-attorney-general/.
  4. Restrictions to your rights.
    Please note that the exercise of your rights is subject to certain restrictions pursuant to the VCDPA (e.g. if your request is manifestly unfounded, excessive, or repetitive, we may charge you a reasonable fee to cover up the costs of analyzing your request; if we are unable to authenticate your request by using reasonable commercial efforts, we shall not analyze it; we shall provide you the requested information free of charge up to twice annually, etc.).
  5. Sensitive Personal Information.
    Under the VCDPA, Personal Information is considered sensitive in the following cases:
    1. Personal Information revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, or citizenship or immigration status.
    2. Genetic or biometric data processed for the purpose of uniquely identifying a natural person
    3. The Personal Information collected from a known child.
    4. Precise geolocation data.
  6. In case we process Sensitive Personal Information, we will only carry out such processing if you have given us your consent to do so.
  7. Use of our services by children.
    Under the VCDPA, a child is any natural person under 13 years old. The processing of Personal Information related to a child is lawful if it is done in accordance with the provisions set forth in the Children’s Online Privacy Protection Act (“COPPA”).
    Please note that, under the VCDPA, the child’s parents and/or legal guardian may exercise the rights described above on behalf of the child. In case we receive a request from a child’s parent and/or legal guardian, we will both analyze and reply to it within the legal terms granted by the VCDPA.
  8. How secure is your Personal Information.
    We design our systems with your security and privacy in mind. We are firmly committed to the security of your Personal Information. That’s why we implement administrative, technical, and physical data security practices to protect the confidentiality, integrity, and accessibility of your Personal Information.
    In case of a data breach, please note that the Code of Virginia Title 18.2 Chapter 6, Article 5 Subsections 18.2-186.6 might apply.

Appendix IV: Colorado Privacy Act (“CPA”).

  1. Scope.
    If you are a resident of the State of Colorado and we process data about you that might be considered Personal Information under the CPA, this Appendix shall apply.
  2. Your rights as a Data Subject.
    You have the rights indicated in Section 7 in accordance with the provisions of the CPA. You also have the following right:

     

    1. Right to data portability.
      You have the right to obtain your Personal Information in a portable and, to the extent technically feasible, readily usable format to allow you to transmit your Personal Information to another entity without hindrance.
    2. Right to opt-out of the processing of Personal Information for purposes of targeted advertising and profiling.
      Jointly with the right to opt-out of the sale or sharing of your Personal Information, you have the right to opt-out of the processing of your Personal Information for purposes of targeted advertising and profiling in furtherance of decisions that produce legal or similarly significant effects to you.
  3. How to exercise your rights.
    We shall take all the appropriate measures to provide you with any information you have requested.
    We shall answer your request within 45 days from the date on which it was received. Please bear in mind that –in certain situations (e.g. the complexity of your request)– we may extend the term by 45 additional days. In such case, we will inform you within the original 45-day term together with the reasons for the extension.
    In case we decline your request, we will inform you no later than 45 days from the date on which your request was received, together with the reasons that support our decision and the instructions to appeal.
    In case you want to appeal our decision, send your appeal request to the following address info@nextleveltech.com with the header “Appeal to Denial of Request”.
    We will answer your appeal within 45 days from the date on which it was received. Please bear in mind that –in certain situations (e.g. the complexity of your request)– we may extend the term by 60 additional days. In such case, we will inform you within the original 45-day term, together with the reasons for the extension.
    If you have any concerns about our response to your appeal, you may contact Colorado’s Attorney General to submit a complaint by visiting https://coag.gov.
  4. Restrictions to your rights.
    Please note that the exercise of your rights is subject to certain restrictions pursuant to the CPA (e.g. we shall not comply with your request if, after making reasonable commercial efforts, we cannot authenticate your request; we may charge you a reasonable fee to cover up the costs of answering your request if you have submitted a second or subsequent request within a 12-month period, etc.).
  5. Sensitive Personal Information.
    Under CPA, Personal Information is considered sensitive in the following cases:
    1. Personal Information revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sex life or sexual orientation, or citizenship or immigration status.
    2. Genetic or biometric data that may be processed for the purpose of uniquely identifying an individual.
    3. Personal Information from a known child.
  6. In case we process Sensitive Personal Information, we will only carry out such processing if you have given us your consent to do so.
  7. Use of our services by children.
    Under the CPA, a child is any individual who is under 13 years old. The processing of Personal Information related to a child is lawful only if the child’s parents or legal guardian have given their consent.
  8. How secure is your Personal Information.
    We design our systems with your security and privacy in mind. We are firmly committed to the security of your Personal Information. That’s why we implement reasonable measures to protect your Personal Information. In case of a security breach, we will notify you without undue delay, no later than 30 days after we become aware of the incident pursuant to Title 6, Article 1, Part 7 Section 6-1-716 of the 2022 Colorado Code. Please note that certain exceptions may apply (e.g. if our internal investigation determines that the misuse of your Personal Information has not occurred and is not reasonably likely to occur).

Appendix V: Connecticut Data Privacy Act (“CDPA”).

  1. Scope.
    If you are a resident of the State of Connecticut and we process data about you that might be considered Personal Information under CDPA, this Appendix shall apply.
  2. Your rights as a Data Subject.
    You have the rights indicated in Section 7 in accordance with the provisions of the CDPA. You also have the following rights.

     

    1. Right to obtain a copy of the personal information.
      You have the right to obtain your Personal Information in a portable and, to the extent technically feasible, readily usable format to allow you to transmit your Personal Information to another entity without hindrance where the processing is carried out by automated means.
    2. Right to opt-out of the processing of Personal Information for purposes of targeted advertising and profiling.
      Jointly with the right to opt-out of the sale or sharing of your Personal Information, you have the right to opt-out of the processing of your Personal Information for purposes of targeted advertising and profiling in furtherance of decisions that produce legal or similarly significant effects to you.
  3. How to exercise your rights.
    We shall take all the appropriate measures to provide you with any information you have requested.
    We shall answer your request no later than 45 days from the date on which it was received. Please bear in mind that –in certain situations (e.g. complexity of your request/number of requests received)– we may extend the term by 45 additional days. In such case, we will inform you within the original 45-day term together with the reasons for the extension.
    In case we decline your request, we will inform you no later than 45 days from the date on which your request was received, together with the reasons that support our decision. If you want to appeal our decision, you must send your appeal request to the following address info@nextleveltech.com with the header “Appeal to Denial of Request”.
    If you decide to appeal our decision, we will answer your appeal no later than 60 days from the date on which it was received. If we deny your appeal, you may contact Connecticut’s Attorney General to submit a complaint by visiting https://portal.ct.gov/AG.

  4. Restrictions to your rights.
    Please note that the exercise of your rights is subject to certain restrictions pursuant to the CDPA (e.g. we shall not comply with your request if, after making reasonable commercial efforts, we cannot authenticate your request or identity or the identity of the agent acting on your behalf; we shall not comply with your opt-out request if we have a good faith, reasonable and documented belief that such request is fraudulent; if your request is manifestly unfounded, excessive, or repetitive, we may charge you with a reasonable fee to cover up the costs of analyzing your request; we may give you the data requested free of charge up to once during a 12-month-period; we shall not comply with your request if the confirmation or access to your Personal Information would require us to reveal a trade secret, we shall not comply with your right to obtain a copy if that would require us to reveal a trade secret, etc.).
  5. Sensitive Personal Information.
    Under CDPA, Personal Information is considered sensitive in the following cases:
    1. Data revealing racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life, sexual orientation or citizenship or immigration status.
    2. Genetic or biometric data processed only for the purpose of uniquely identifying an individual.
    3. Personal Information collected from a known child.
    4. Precise geolocation data.
  6. In case we process Sensitive Personal Information, we will only carry out such processing if you have given us your consent to do so.
  7. Use of our services by children.
    Under the CDPA, a child is any individual who is under 13 years old. The processing of Personal Information related to a child is lawful if it is done in accordance with the provisions set forth in the Children’s Online Privacy Protection Act (“COPPA”).
    Please note that, under the CDPA, the child’s parents and/or legal guardian may exercise the rights described above on behalf of the child. In case we receive a request from a child’s parent and/or legal guardian, we will both analyze and reply to it within the legal terms granted by the CDPA.

Appendix VI: Argentine Personal Data Protection Act No. 25,326 (“PDPA”).

  1. Scope.
    If you are a resident of Argentina and we process data about you that might be considered Personal Information under PDPA, this Appendix shall apply.
  2. Your rights as a Data Subject.
    You have the rights indicated in Section 7 in accordance with the provisions of the PDPA. You also have the following rights:

     

    1. Right to update your personal information.
      You may request us to update the Personal Information we have collected about you.
    2. Right to request information.
      You have the right to request information to the supervisory authority about the existence of databases, the controller’s identity, and the purposes for which the Personal Information has been processed.
  3. How to exercise your rights.
    If you exercise any of these rights, we will check your entitlement and respond to you within 10 (ten) calendar days from the date on which your request to access your Personal Information was received; or 5 (five) business days from the date on which (i) your request for any rectification, update, or deletion of your Personal Information was received; or (ii) we noticed a mistake on your Personal Information.
    To exercise your rights, please contact us at info@nextleveltech.com.
    You represent and warrant that you have been duly informed that: “The data subject has the right to access your Personal Information at intervals of not less than six months free of charge unless there is a specified legitimate interest agreed upon by the interested party as established in section 14, paragraph 3 of Act 25,326, by submitting an email to the following email address: info@nextleveltech.com. The AGENCY OF ACCESS TO PUBLIC INFORMATION, in its function of Controlling Entity of Act 25,326, has the attribution to attend any complaints or reports related to the infringement of personal data regulations”.
  4. Restrictions to your rights.
    Please note that the exercise of your rights is subject to certain restrictions pursuant to Section 17 of the PDPA. For example, we have the right to not delete your Personal Information when we are required to retain such data based on a legal obligation or if such deletion affects a third party.
  5. Sensitive Personal Information.
    Under PDPA, Personal Information is considered sensitive if it reveals:
    1. Racial or ethnic origin.
    2. Political opinions.
    3. Religious or philosophical beliefs.
    4. Trade union membership.
    5. Data concerning health or data concerning a natural person’s sex life or sexual orientation.
  6. Use of our services by children.
    In Argentina, a child is a person under 18 years old. Pursuant to Criteria No. 5 of Annex I of the Resolution AAIP 4/2019, the processing of Personal Information of a child in Argentina will be lawful if: a) The child has given its consent based on the progressive autonomy principle, as set forth in Sections 26 and 639 of the Argentine Federal Civil and Commercial Code, taking into account the child’s psychophysical characteristics, aptitudes, and development; b) The consent has been given by the child´s holder of parental responsibility, parent and/or legal guardian when the child’s psychophysical characteristics, aptitudes, and development do not allow the child to give its consent.
  7. How secure is your Personal Information.
    We design our systems with your security and privacy in mind. We are firmly committed to the security of your Personal Information. That’s why we implement administrative, technical, and physical data security practices to protect the confidentiality, integrity, and accessibility of your Personal Information, in compliance with Sections 9 and 10 of the PDPA and Resolution AAIP 47/2018.

Appendix VII: Utah Consumer Privacy Act (“UCPA”).

  1. Scope.
    If you are a resident of Utah and we process data about you that might be considered Personal Information under the UCPA, this Appendix shall apply, provided that the UCPA is in full force and effect.

     

  2. Your Rights as a data subject.
  3. You have the rights indicated in Section 7 in accordance with the provisions of the UCPA. You also have the following rights:

     

    1. Right to obtain a copy of your personal information.
    2. You have the right to request a copy of the Personal Information you have previously provided to us in a portable and, to the extent technically feasible, readily usable format to allow you to transmit your Personal Information to another entity without impediment where the processing is carried out by automated means.
      Right to opt-out of the processing of Personal Information for purposes of targeted advertising and processing of Sensitive Personal Information.
    3. Jointly with the right to opt-out of the sale or sharing of your Personal Information, you have the right to opt-out of the processing of your Personal Information for purposes of targeted advertising, as well as to opt-out the processing of Sensitive Personal Information.
      Right to receive a clear notice prior to processing Sensitive Personal Information.
    4. You have the right to receive a clear notice about the processing of Sensitive Personal Information prior to the beginning of such processing.
      Right of no discrimination.
  4. You have the right to not be discriminated against (e.g. not to be denied any product or service; not to be charged with a different price or rate for any product or service; not to be provided with a different quality of a good or service) if you exercise your rights.
    How to exercise your rights.
  5. We shall take all the appropriate measures to provide you with any information you have requested.

    We shall answer your request no later than 45 days from the date on which it was received. Please bear in mind that –in certain situations (e.g. complexity of your request/volume of requests received)– we may extend the term by 45 additional days. In such case, we will inform you within the original 45-day term together with the reasons for the extension.
    In case we decline your request, we will inform you no later than 45 days from the date on which your request was received, together with the reasons that support our decision.
    Please note that if the consumer is subject to guardianship, conservatorship, or other protective arrangement pursuant to Title 75, Chapter 5 Protection of Persons Under Disability and Their Property, the guardian or conservator of the consumer shall exercise their rights on their behalf.
    Restrictions to your rights.
  6. Please note that the exercise of your rights is subject to certain restrictions pursuant to the UCPA (e.g. we shall not comply with your request if it is excessive, repetitive, technically infeasible or manifestly unfounded; if we reasonably believe that the primary purpose for submitting the request was something other than exercising a right or if the request, individually or as part of an organized effort, harasses, disrupts or imposes undue burden on our business’ resources; we may charge you with a reasonable fee to cover up the administrative costs of complying your request; we may give you the data requested free of charge up to once during the same 12-month-period; we shall not comply with your request if, using commercially reasonable efforts, we are unable to authenticate your request; we may request additional information reasonably necessary to authenticate your request if we are unable to authenticate your request using commercially reasonable efforts; we shall not comply with your request if we suspect it is fraudulent and we are not able to authenticate the request before the 45-day-period expires, etc.).
    Sensitive Personal Information.
  7. Under the UCPA, Personal Information is considered sensitive in the following cases:

     

    1. Data revealing racial or ethnic origin, religious beliefs, medical history, mental or physical health condition or diagnosis or medical treatment by a health care professional, sexual orientation or citizenship or immigration status.
    2. Genetic or biometric data, if the processing is for the purpose of identifying a specific individual.
    3. Specific geolocation data.
  8. In case we process Sensitive Personal Information, we will only carry out such processing if you have given us your consent to do so.
    Use of services by children.

Under the UCPA, a child is any individual who is under 13 years old. The processing of Personal Information related to a child is lawful if it is done in accordance with the provisions set forth in the Children’s Online Privacy Protection Act (“COPPA”).

Please note that, under the UCPA, the child’s parents and/or legal guardian may exercise the rights described above on behalf of the child. In case we receive a request from a child’s parent and/or legal guardian, we will both analyze and reply to it within the legal terms granted by the UCPA.

Appendix VIII: Texas Data Privacy and Security Act (“TDPSA”).

  1. Scope.
    If you are a resident of Texas and we process data about you that might be considered Personal Information under the TDPSA, this Appendix shall apply, provided that the TDPSA is in full force and effect.

     

  2. Your Rights as a data subject.
  3. You have the rights indicated in Section 7 in accordance with the provisions of the TDPSA. You also have the following rights:

     

    1. Right to obtain a copy of your personal information.
    2. If the data is available in a digital format, you have the right to obtain your Personal Information in a portable and, to the extent technically feasible, readily usable format to allow you to transmit your Personal Information to another controller without hindrance.
      Right to opt-out of the processing of Personal Information for purposes of targeted advertising and profiling.
    3. Jointly with the right to opt-out of the sale or sharing of your Personal Information, you have the right to opt-out of the processing of your Personal Information for purposes of targeted advertising or profiling in furtherance of a decision that produces a legal or similarly significant effect concerning yourself.
      Right of no discrimination.
  4. You have the right to not be discriminated (e.g. not to be denied any product or service; not to be charged with a different price or rate for any product or service; not to be provided with a different quality of goods or services) if you exercise your rights.
    How to exercise your rights.
  5. We shall take all the appropriate measures to provide you with any information you have requested.

    We shall answer your request no later than 45 days from the date on which it was received. Please bear in mind that –in certain situations (e.g. complexity of your request/number of requests received)– we may extend the term by 45 additional days. In such case, we will inform you within the original 45-day term together with the reasons for the extension.

    In case we decline your request, we will inform you no later than 45 days from the date on which your request was received, together with the reasons that support our decision. In case we decline your request, we will provide you with the instructions to appeal our decision.

    If you decide to appeal our decision, we will answer your appeal no later than 60 days from the date on which it was received. If we deny your appeal, you may contact Texas’ Attorney General to submit a complaint by visiting https://www.texasattorneygeneral.gov/.
    Restrictions to your rights.
  6. Please note that the exercise of your rights is subject to certain restrictions pursuant to the TDPSA (e.g. we shall not comply with your request if it is excessive, repetitive or manifestly unfounded or we may charge you with a reasonable fee to cover up the administrative costs of complying with your request; we may give you the data requested free of charge up to twice annually; we shall not comply with your request if, using commercially reasonable efforts, we are unable to authenticate your request; we may also request additional information reasonably necessary to authenticate your request; we shall not comply with an opt-out request received from an authorized agent if (i) the authorized agent does not communicate us the request in a clear and unambiguous manner, (ii) we are not able to verify, with commercially reasonable efforts, if you are a resident of Texas, (iii) we do not possess the ability to process the agent’s request, or (iv) if we do not possess similar or identical requests we receive from you for the purpose of complying with similar or identical laws or regulations of another state).
    Sensitive Personal Information.
  7. Under TDPSA, Personal Information is considered sensitive in the following cases:

     

    1. Data revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, or citizenship or immigration status.
    2. Genetic or biometric data, if the processing is for the purpose of identifying an individual.
    3. Personal Information collected from a known child.
    4. Precise geolocation data.
  8. In case we process Sensitive Personal Information, we will only carry out such processing if you have given us your consent to do so.
    Use of services by children.

Under the TDPSA, a child is any individual who is under 13 years old. The processing of Personal Information related to a child is lawful if it is done in accordance with the provisions set forth in the Children’s Online Privacy Protection Act (“COPPA”).

Please note that, under the TDPSA, the child’s parents and/or legal guardian may exercise the rights described above on behalf of the child. In case we receive a request from a child’s parent and/or legal guardian, we will both analyze and reply to it within the legal terms granted by the TDPSA.

Appendix IX: Oregon Consumer Privacy Act (“OCPA”).

  1. Scope.
    If you are a resident of Oregon and we process data about you that might be considered Personal Information under the OCPA, this Appendix shall apply, provided that the OCPA is in full force and effect.

     

  2. Your Rights as a data subject.
  3. You have the rights indicated in Section 7 in accordance with the provisions of the OCPA. You also have the following rights:

     

    1. Right to obtain a copy of the personal information.
    2. If the data is available in a digital format, you have the right to obtain your Personal Information in a portable and, to the extent technically feasible, readily usable format to allow you to transmit your Personal Information to another controller without hindrance.
      Right to opt-out of the processing of Personal Information for purposes of targeted advertising and profiling.
    3. Jointly with the right to opt-out of the sale or sharing of your Personal Information, you have the right to opt-out of the processing of your Personal Information for purposes of targeted advertising and profiling in furtherance of a decision that produces a legal or similarly significant effect concerning yourself.

      Please note that you can designate another person to serve as your authorized agent to act on your behalf regarding this right to opt-out.
      Right of no discrimination.
  4. You have the right to not be discriminated (e.g. not to be denied any product or service; not to be charged with a different price or rate for any product or service; not to be provided with a different quality of goods or services) if you exercise your rights.
    How to exercise your rights.
  5. We shall take all the appropriate measures to provide you with any information you have requested.

    We shall answer your request no later than 45 days from the date on which it was received. Please bear in mind that –in certain situations (e.g. complexity of your request/number of requests received)– we may extend the term by 45 additional days. In such case, we will inform you within the original 45-day term together with the reasons for the extension.

    In case we decline your request, we will inform you no later than 45 days from the date on which your request was received, together with the reasons that support our decision. In case we decline your request, we will provide you with the instructions to appeal our decision.

    If you decide to appeal our decision, we will answer your appeal no later than 45 days from the date on which it was received. If we deny your appeal, you may contact Oregon’s Attorney General to submit a complaint by visiting https://www.doj.state.or.us/oregon-department-of-justice/contact-us/.
    Restrictions to your rights.
  6. Please note that the exercise of your rights is subject to certain restrictions pursuant to the OCPA (e.g. we may give you the data requested free of charge up to once during any 12-month period unless the purpose of the second or subsequent request is to verify that we corrected inaccuracies in, or deleted your Personal Information in compliance with your request; we shall not comply with your request if, using commercially reasonable efforts, we are unable to authenticate your request without additional information from you unless you provide us the information necessary to authenticate your request; regarding your opt-out request, we may ask for additional information necessary to comply with such request, (e.g. information to identify you and your request); we may deny your request to opt-out if we have a good faith, reasonable and documented belief that your request is fraudulent, etc.).
    Sensitive Personal Information.
  7. Under OCPA, Personal Information is considered sensitive in the following cases:

     

    1. Data revealing racial or ethnic background, national origin, religious beliefs, mental or physical condition or diagnosis, sexual orientation, status as transgender or non-binary, status as a victim of crime or citizenship or immigration status.
    2. Accurately identifies within a radius of 1750 feet a consumer’s present or past location, or the present or past location of a device that links or is linkable to a consumer by means of technology that includes, but is not limited to, a global positioning system that provides latitude and longitude coordinates.
    3. Genetic or biometric data.
    4. A child’s personal information.
  8. In case we process Sensitive Personal Information, we will only carry out such processing if you have given us your consent to do so.
    Use of services by children.

Under the OCPA, a child is any individual who is under 13 years old. The processing of Personal Information related to a child is lawful if it is done in accordance with the provisions set forth in the Children’s Online Privacy Protection Act (“COPPA”).

Please note that, under the OCPA, the child’s parents and/or legal guardian may exercise the rights described above on behalf of the child or on behalf of a child for whom the guardian has legal responsibility. Moreover, a guardian or conservator may exercise the rights described herein on behalf of a consumer that is subject to a guardianship, conservatorship, or other protective agreement.

In case we receive a request from a child’s parent and/or legal guardian, or a consumer’s guardian or conservator, we will both analyze and reply to it within the legal terms granted by the OCPA.

Appendix X: Florida Digital Bill of Rights (“FDBR”).

  1. Scope.
    If you are a resident of Florida and we process data about you that might be considered Personal Information under the FDBR, this Appendix shall apply, provided that the FDBR is in full force and effect.

     

  2. Your Rights as a data subject.
    1. Right to obtain a copy of the personal information.
    2. You have the right to obtain your Personal Information in a portable and, to the extent technically feasible, readily usable format to allow you to transmit your Personal Information to another entity without hindrance where the processing is carried out by automated means.
      Right to opt-out of the processing of Personal Information for purposes of targeted advertising and profiling.
  3. Jointly with the right to opt-out of the processing sale or sharing of your Personal Information, you have the right to opt-out of the processing of your Personal Information for purposes of targeted advertising and profiling in furtherance of decisions that produce legal or similarly significant effects to you.
    How to exercise your rights.
  4. We shall take all the appropriate measures to provide you with any information you have requested.

    We shall answer your request within 45 days since we have received it. Please bear in mind that –in certain situations (e.g. the complexity of your request)– we may extend the term by 15 additional days. In case we need to extend the term, we will inform you within the original 45-day term, together with the reasons for the delay.

    If the request is rejected, you will be informed of the reason for the rejection and the instructions to appeal the decision.

    If you want to appeal our decision, you must send your appeal request to the following address info@nextleveltech.com with the header “Appeal to Denial of Request.”

    If you decide to appeal our decision, we will answer your appeal no later than 60 days from the date on which it was received, informing you in writing of any action taken or not taken in response to your appeal, including a written explanation of the reasons for the decisions.

    We shall provide information or take action in response to your requests free of charge, twice per year, as long as such requests are not unfounded, excessive, or repetitive.
    Restrictions to your rights.
  5. Please note that the exercise of your rights is subject to certain restrictions pursuant to the FDBR (e.g. we shall not comply with your request if, after making reasonable commercial efforts, we cannot authenticate your request; we may charge you a reasonable fee to cover up the costs of answering your request if you have submitted a third or subsequent request within a 12-month period, etc.).
    Sensitive Personal Information.
  6. Under FDBR, Sensitive Data is considered one of the following.

     

    1. Personal information revealing an individual’s racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, or citizenship or immigration status.
    2. Genetic or biometric data processed for the purpose of uniquely identifying an individual.
    3. Personal information collected from a known child.
    4. Precise geolocation data.
  7. In case we process Sensitive Data, we will only carry out such processing if you have given us your consent to do so.
    Use of services by children.
  8. Under the FDBR, a child is any individual who is under 18 years old. The processing of Personal Information related to a child is lawful if it is done in accordance with the provisions set forth in the Children’s Online Privacy Protection Act (“COPPA”).

    Please note that, under the FDBR, the child’s parents and/or legal guardian may exercise the rights described above on behalf of the child. In case we receive a request from a child’s parent and/or legal guardian, we will both analyze and reply to it within the legal terms granted by the FDBR.
    How secure is your Personal Information.

We design our systems with your security and privacy in mind. We are firmly committed to the security of your Personal Information. That’s why we implement administrative, technical, and physical data security practices to protect the confidentiality, integrity, and accessibility of your Personal Information. These measures are aimed at preventing, detecting, protecting against, or responding to security incidents, identity theft, fraud, harassment, malicious or deceptive activities, or any illegal activity, preserving the integrity or security of systems, or investigating, reporting, or prosecuting those responsible for any of these actions.

Appendix XI: Montana Consumer Data Privacy Act (“MCDPA”).

  1. Scope.
    If you are a resident of Montana and we process data about you that might be considered Personal Information under the MCDPA, this Appendix shall apply, provided that the MCDPA is in full force and effect.

     

  2. Your Rights as a data subject.
  3. You have the rights indicated in Section 7 in accordance with the provisions of the MCDPA. You also have the following rights:

     

    1. Right to obtain a copy of the personal information.
    2. You have the right to obtain your Personal Information in a portable and, to the extent technically feasible, readily usable format to allow you to transmit your Personal Information to another entity without hindrance where the processing is carried out by automated means.
      Right to opt-out of the processing of Personal Information for purposes of targeted advertising and profiling.
  4. Jointly with the right to opt-out of the processing sale or sharing of your Personal Information, you have the right to opt-out of the processing of your Personal Information for purposes of targeted advertising and profiling in furtherance of a decision that produces a legal or similarly significant effect to you.
    How to exercise your rights.
  5. We shall take all the appropriate measures to provide you with any information you have requested.

    We shall answer your request within 45 days since we have received it. Please bear in mind that –in certain situations (e.g. the complexity of your request)– we may extend the term by 45 additional days. In case we need to extend the term, we will inform you within the original 45-day term, together with the reasons for the delay.

    If the request is rejected, you will be informed of the reason for the rejection and the instructions to appeal the decision.

    If you want to appeal our decision, you must send your appeal request to the following address info@nextleveltech.com with the header “Appeal to Denial of Request.”

    If you decide to appeal our decision, we will answer your appeal no later than 60 days from the date on which it was received, informing you in writing of any action taken or not taken in response to your appeal, including a written explanation of the reasons for the decisions.

    We shall provide information in response to your requests free of charge, once per 12-month period, as long as such requests are not unfounded, excessive, technically infeasible, or repetitive.

    You may designate another person to serve as your authorized agent and act on your behalf to opt out of the processing of your personal information for the purposes already specified. You may designate an authorized agent by way of a technology, including but not limited to an internet link or a browser setting, browser extension, or global device setting indicating a customer’s intent to opt out of such processing.

    On the other hand, the guardian or conservator of a consumer subject to a guardianship, conservatorship, or other protective arrangement, may exercise the rights of the consumer on their behalf regarding the processing of personal information.
    Restrictions to your rights.
  6. Please note that the exercise of your rights is subject to certain restrictions pursuant to the MCDPA (e.g. we shall not comply with your request if, after making reasonable commercial efforts, we cannot authenticate your request; we may charge you a reasonable fee to cover up the costs of answering your request if you have submitted a second or subsequent request within a 12-month period, etc.).
    Sensitive Information.
  7. Under MCDPA, Sensitive Data is considered one of the following.

     

    1. Data revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, information about a person’s sex life, sexual orientation, or citizenship or immigration status.
    2. The processing of genetic or biometric data for the purpose of uniquely identifying an individual.
    3. Personal information collected from a known child.
    4. Precise geolocation data.
  8. In case we process Sensitive Data, we will only carry out such processing if you have given us your consent to do so.
    Use of services by children.
  9. Under the MCDPA, a child is any individual who is under 13 years old. The processing of Personal Information related to a child is lawful if it is done in accordance with the provisions set forth in the Children’s Online Privacy Protection Act (“COPPA”).

    Please note that, under the MCDPA, the child’s parents and/or legal guardian may exercise the rights described above on behalf of the child. In case we receive a request from a child’s parent and/or legal guardian, we will both analyze and reply to it within the legal terms granted by the MCDPA.
    How secure is your Personal Information.

We design our systems with your security and privacy in mind. We are firmly committed to the security of your Personal Information. That’s why we implement administrative, technical, and physical data security practices to protect the confidentiality, integrity, and accessibility of your Personal Information. These measures are aimed at preventing, detecting, protecting against, or responding to security incidents, identity theft, fraud, harassment, malicious or deceptive activities, or any illegal activity, preserving the integrity or security of systems, or investigating, reporting, or prosecuting those responsible for any of these actions.

In case of a security breach, we will notify you without undue delay, according to applicable state regulations.

nxtl

Onsite Engagements

Our dedicated team integrates seamlessly with your internal project teams on-location, ensuring that every aspect of your IT needs is addressed in real time. By embedding our full-time employees directly at your site, we eliminate travel-related delays and expenses, providing you with a cost-effective, cohesive, and reliable consulting experience. We relocate our team to the client location at no cost to the client, for the duration of the project.

This will close in 0 seconds

On-Shore Options

We offer robust on-shore delivery capabilities from our strategically located offices in Charlotte, NC, Chicago, IL and Toronto, CA. Each office is equipped with segregated spaces to maintain the confidentiality of proprietary information. Our on-shore teams are prepared to handle all required skill sets, including Business Analysts (BA), Quality Analysts (QA), Developers, and Project Managers (PMs).

This will close in 0 seconds

Off-Shore Solutions

Our off-shore delivery offices in Hyderabad, IN, are designed to provide the same level of expertise and confidentiality as our on-shore locations. We maintain segregated office spaces to ensure that your project data remains secure. Our off-shore teams are proficient in various skill sets, ensuring comprehensive support for all project phases.

This will close in 0 seconds

Dan Pollack

Dan, our Chief Customer Officer, entered the P&C industry following his graduation from Xavier University in Cincinnati, Ohio, in 1990. He joined NXT Level to spearhead our customer acquisition strategy, advocate for our practices throughout the sales cycle, mentor staff, and ensure customer success. With over three decades of experience in P&C, Dan has spent 20 years specializing in Guidewire products, handling everything from initial implementations to upgrades, data migration, and ongoing maintenance and support.
Before joining NXT Level, Dan served as AVP IT Services at Great American Insurance, where his responsibilities included Guidewire Implementation, ETL Services, Testing, Business Analysis Center of Excellence, and Legacy Migration. Over his 26-year tenure at Great American, he earned certifications in Project Management (PMP) and an Associate in Insurance Designation (AINS).

This will close in 0 seconds

Michael Lauren

Michael Lauren serves as the Co-President and Managing Partner of NXT Level Technologies, bringing over three decades of experience in the technology industry, with a focus on the Guidewire applications market for the past 18 years. He has led sales, outsourcing, solutions, and project management teams throughout his career.
Michael has spearheaded initiatives and facilitated Mergers and Acquisitions within the IT industry, raising over $50 million in capital over the years. He possesses a strong capability in cultivating profound relationships with CEOs, CIOs, CTOs, and senior IT management across various organizations.

This will close in 0 seconds

Vijay Babers

Vijay Babers serves as Co-President of NXT Level Technologies. He holds a master's degree in computer science from New South Wales University, Sydney, Australia. Over the past 30 years, Vijay has built a robust practice centered on Guidewire, ECM, Middleware, and Cloud solutions driven by his visionary leadership.
Passionate about his work, Vijay prioritizes customer service and success above all else. He excels as an IT strategic leader and change agent, adept at identifying and implementing innovative solutions to intricate business challenges. Vijay's management style is results-oriented, emphasizing rapid delivery of substantial and measurable business value within the Property and Casualty Insurance and other industries.

This will close in 0 seconds

Rishab Chawla

Rishab is our Director of Vendor Management, bringing over 16 years of experience in the IT industry, with 15 years specifically focused on Guidewire Products. He possesses a strong background in sales, management, and delivery, fostering excellent relationships with teams and vendors alike.

This will close in 0 seconds

Neeta Ruhela

Neeta joined NXT Level as Senior Architect and Engagement Director. With over 30 years of experience in software delivery, she has spent 24 years specializing in the Finance and P&C industries.
Neeta excels in Enterprise Application Integration and associated practices, concepts, and methodologies. Her expertise lies in large-scale customized application development and management, particularly in J2EE and Guidewire application integration. She serves as a proficient Guidewire Architect, adept at bridging the gap between business requirements and development teams.
Neeta holds a Master of Engineering in Computer Science and a Bachelor of Engineering in Electrical Engineering.

This will close in 0 seconds

Matt Gillespie

With over 15 years of leadership experience, Matt is a pragmatic leader who seamlessly merges business acumen with extensive IT expertise to yield tangible business results. He is dedicated to optimizing operational efficiency by fine-tuning processes, products, services, and software, ensuring alignment with overarching business goals.
Matt’s leadership style is rooted in transparent communication and a customer-centric focus. His collaborative approach spans all organizational levels, where he crafts strategic, tactical, and operational roadmaps for business enablement and stability. Known for excellent interpersonal skills, Matt fosters positive relationships with internal and external stakeholders.
Matt brings a unique blend of technical expertise and leadership skills to the table. His ability to understand and align technology with business goals has resulted in significant operational efficiencies and cost savings in his previous roles. His experience spans across various sectors, including insurance, digital services, and healthcare, making him a versatile leader in the IT industry.
Matt aims to leverage his extensive experience and skills to drive digital transformation in organizations. He is particularly interested in cloud computing and its potential to revolutionize business operations. His goal is to lead organizations towards a more efficient and innovative future through the strategic use of technology.

This will close in 0 seconds

Christy Pollack

Christy serves as our Client Services Manager with over 30 years of experience in the Property and Casualty (P&C) industry. She began her career as a claims processor and has since held various roles including processor, lead processor, processing supervisor, management information specialist, and data analyst.
Christy's expertise includes vendor management oversight and reconciliation. She has provided extensive management support utilizing Cognos and the ClaimCenter application, focusing on requirements gathering and quality assurance testing.
To deepen her knowledge of P&C Insurance, Christy has earned several certifications including Associate in Insurance Designation (AINS), Associate in Claims (AIC), Associate in Claims Management (AIC-M), and Associate in Insurance Services (AIS).

This will close in 0 seconds

Dawn M Gee

Dawn brings over 30 years of experience in the Property and Casualty (P&C) Industry. She graduated from Michigan State University and has held various management roles with multiple carriers, spanning both business and IT domains. Dawn's career includes leadership in Commercial Auto and Workers’ Compensation business units, as well as training end-users on new systems.
Her expertise extends to managing claims systems testing and support analysts, and later leading Claims Business Analyst teams. Dawn has more than 15 years of experience with PolicyCenter, having worked on both System Integrator teams and directly with carriers. She has been instrumental in the full lifecycle of projects, from inception and implementation to upgrades and ongoing production enhancement support, consistently serving as a senior or lead business analyst.
Dawn is known for establishing strong working relationships with her peers and clients, maintaining connections with individuals from each implementation she has been involved in.

This will close in 0 seconds

Doug Dickerson

Doug serves as our Lead Solutions Architect, having graduated from the University of Cincinnati with a degree in Computer Science in 1994. Since then, Doug has accumulated nearly 35 years of experience in the tech industry, working with both large and small companies. His career has been marked by continuous learning and growth in software development, development infrastructures, and systems integrations.
With 18 years specifically dedicated to the Property and Casualty (P&C) community, Doug has excelled in implementing multi-platform Guidewire products. His expertise spans upgrades, initial implementations, development infrastructure setup, as well as ongoing maintenance and support.

This will close in 0 seconds

Shravan Yerabati

Shravan is our Human Resources Manager with over 18 years of industry experience. He adeptly bridges communication between senior management and employees to foster and enhance company-employee relations. Shravan's responsibilities include researching, recruiting, staffing, onboarding, and training new hires tailored to meet departmental needs.
He ensures compliance with company policies, regulatory requirements, and health and safety standards. Shravan also oversees payroll administration, manages company benefits packages, and determines appropriate compensation. Additionally, he coordinates corporate events, oversees vendor management, and organizes team-building meetings.

This will close in 0 seconds

Dave Trigo

David serves as our Vice President and Head of Cloud Implementations. A graduate of the New England Institute of Technology, David has dedicated the majority of his career to leadership roles within the P&C Insurance sector. He has held pivotal positions at prominent insurance carriers such as Hanover, MetLife, and Farmers.
Throughout his career, David has held various IT roles including Chief Architect, IT VP for Personal Lines, and Head of Strategy and Guidewire Delivery. Since 2005, he has been at the forefront of Guidewire initiatives, overseeing the implementation of a comprehensive range of Guidewire suite components.
Notably, David led the pioneering Guidewire cloud implementation at MetLife, successfully replacing an outdated legacy system with a strategic cloud-based solution. His leadership and expertise continue to drive innovation and excellence in cloud implementations within the insurance industry.

This will close in 0 seconds

Colin Parker

Colin is a seasoned insurance executive with over 20 years of experience, primarily with Guidewire Software. His career has been marked by supporting the sales team and effectively managing project delivery. Colin possesses deep expertise in leveraging Guidewire applications across diverse lines of business within the Property and Casualty (P&C) insurance industry.
In addition to his sales and delivery responsibilities, Colin has provided strategic advisory services to numerous insurers worldwide, including in the United States, Japan, Australia, New Zealand, England, and Russia. His insights and guidance have been instrumental in helping insurers optimize their operations and enhance their business outcomes.

This will close in 0 seconds