Northern Arkansas Telephone Company, Inc. (hereinafter "NATCO," "Company," "We," "Our," and "Us") is committed to respecting and protecting the privacy of our customers.  Protecting your private information or Personally Identifiable Information is our priority. This Privacy Policy explains the types of personal information we collect, and how we collect, use, maintain, protect, and share this information. This Privacy Policy also tells you about the rights and choices you may have when it comes to your personal information.

This Privacy Policy applies to the information we collect when you use or interact with our products, services, and networks ("Services"), including https://www.natconet.com/  ("Website"), but it is not exclusive to it. This Privacy Policy applies to everyone, including, but not limited to, visitors, users, and others who wish to access our Services or Website. By using our Services or Website, you consent to the data practices described in this Privacy Policy.

Please read this Privacy Policy carefully to understand our policies and practices regarding your information.

Definitions

• Personal Identifiable Information or "personal information" refers to any information that can be used to identify a specific individual. This includes information that is directly linked to a person, such as their name, date of birth, social security number, or email address, as well as information that can be used to identify them indirectly, such as their physical characteristics, biometric data, or online identifiers like IP addresses or device identifiers.
• Allowable Tracked Information refers to the specific types of data that a website or application is permitted to collect, use, and share with third parties. Examples of allowable tracked information that a website or application may collect and use could include: User behavior data, such as website usage patterns, search history, or clickstream data; location data, such as GPS data or IP address; network data, such as bandwidth usage, transmissions, security characteristics, content, or other network resources used in connections while uploading, downloading, or streaming; performance data, such as IP or Mac addresses, URLs, data transmission rates and latencies; equipment data, such as equipment type, serial number, settings, configurations, or software; demographic information, such as age, gender, or occupation; contact information, such as email address or phone number; or financial information, such as credit card numbers or payment information.
• Third Party refers to any entity that is not directly affiliated with us or our Website that is collecting or processing user data. This can include companies that provide services or products to the Company, analytics providers, or other third-party service providers.  Examples of third parties that may be involved in the collection and processing of user data include: Analytics providers that collect data on user behavior and provide insights to the organization, or payment processors or financial institutions that process transactions and collect payment information, etc.
• Cookies refer to text files placed on a computer, mobile phone, or other device used to navigate the internet. Cookies transmit information back to the website's server about the browsing activities of the user and may also be used to collect and store information about your preferences after you visit a website.

Collection of Your Personal Information

We limit the collection, use, retention, and disclosure of personal information to what is reasonably necessary and proportionate to achieve the purposes for which the personal information was collected or processed. We also limit secondary use to that which is compatible with the original purpose of the personal information collection.

When you visit our Website, you may provide us with two types of information: personal information that you knowingly choose to disclose that is collected on an individualized basis, and website use information collected on an aggregate basis as you and others browse our Website.

You may also be required to provide certain personal information to us when you elect to use certain products or services by (a) registering for an account, (b) entering a sweepstake or contest sponsored by us or one of our partners, (c) signing up for special offers from selected third parties, (d) sending us an email message, and (e) submitting your credit card or other payment information when ordering and purchasing products and services.

We will use your information to communicate with you about services and/or products you have requested from us, including, but not limited to, providing them. We use information about customers in defined and responsible ways to manage, provide, and improve our products, services, and operations for our customers. This information will be used for internal purposes only and will not be shared with any third party. It shall not be used for any improper or unlawful purpose.

We retain customer information for such periods of time as required by law or regulation or as reasonably necessary to provide services.

Aggregate or Generic Information

This Privacy Policy does not apply to aggregate and/or generic information that does not identify you or any individual. Therefore, we reserve the right to share non-personal information with third parties for any reason, unless prohibited by law or regulation.

Right to Review and Update Your Personal Information

You may have a right to correct, update, delete, or request access to the personal information that you have provided to us. You may submit the following request by calling our office at 800-775-6682.

For your protection, we will only implement requests with respect to personal information about you (not anyone else), and we may need to verify your identity before implementing your request. We may need to retain certain information for recordkeeping purposes, as required under applicable legal obligations. And even if you have a right to deletion, some of your information may remain within our systems and other records or archives, in compliance with applicable law.

Sharing Information with Third Parties

We do not share customer information with third parties, except at the customer's request, with the customer's consent, or as described below. We do not sell, rent, or lease its customer lists to third parties.

We may share allowable tracked information with trusted partners to help perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. This information will not include personal information.  All such third parties are prohibited from using your personal information except to provide these services to the Company, and they are required to maintain the confidentiality of your information.

Representative third parties include:

• Vendors: We may provide information to our vendors who help us do things like provide service features, monitor Website activity, maintain databases, and assist us in hosting, and where they may observe information about you in the same way as described herein. We also use third-party vendors to provide services related to hosting the Website, providing technical support, updating records in our database, and sending or coordinating marketing communications on our behalf.
• Marketing: The information you provide on the Website may also be used by us for marketing purposes, such as when you subscribe to receive marketing communications or newsletters. Your information will not be provided to third parties for any third-party marketing purposes. You may choose to stop receiving our marketing communications at any time by opting out by following the unsubscribed instructions included in those communications, or you can contact us at 800-775-6682, and we will remove you from future mailings.
• Third-Party Support: While not routine, we may provide your information to persons or entities in connection with our own business operations, such as to contractors, our auditors, or counsel, or in connection with a major change in our business (such as an acquisition). In these instances, the Company will ensure that such persons or entities are subject to obligations to keep the information confidential and use the information only for the purpose we provided it to them.

We may disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on the Company or the site; (b) protect and defend the rights or property of the Company; and/or (c) act under exigent circumstances to protect the personal safety of users or the public.

Tracking User Behavior

We may keep track of the websites and pages our users visit to identify trends among our Services. We may use this data to deliver customized content and advertising to customers whose behavior indicates that they are interested in a particular subject area.

Automatically Collected Information

As you navigate through and interact with our Website, we may use automatic data collection technologies to collect allowable tracked information about your equipment, browsing actions, and patterns, including:

• Details of your visits to our Website, including traffic data, location data, logs, and other communication data, and the resources that you access and use on the Website.
• Information about your device and internet connection, including your IP address, operating system, domain names, access times, and browser type.

We use this allowable tracked information to operate the Website, maintain the quality of the Website, and assess Website usage.

Use of Cookies

The Website may use "cookies" to personalize your online experience. Cookies are small pieces of data that are stored by a user's web browser on the user's hard drive. One of the primary purposes of cookies is to save you time. The purpose of a cookie is to tell the web server that you have returned to a specific page. For example, if you personalize website pages or register with our Website or Services, a cookie helps us to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, etc. When you return to the same website, you can easily retrieve the information you previously provided.

There are two broad categories of cookies. First party and third party. First party cookies are cookies managed by the website you are visiting, and are tied to that domain. Third party cookies are cookies that are managed by service providers such as Google or Facebook. We utilize both first and third party cookies. The cookies we manage directly (first party cookies) do not capture or track Personally Identifiable Information, and we do not share your data with any third party. These cookies are used strictly to make your website browsing experience more pleasant.

You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of our Services or our Website.
Third Party Cookies

Google's Analytics uses cookies to monitor traffic. These are powerful tools that allow us to analyze important information such as which pages are visited most frequently, what search words are used, and what browsers, operating systems, and devices are being used by our end users. This information allows us to provide the best overall service we can to all of our users. To view Google's data use policy, visit this page. Opting out of cookies will mean those analytics will not be captured. YouTube video embedding also uses cookies. YouTube is a Google company, so it also adheres to Google's data use policy. Facebook and Instagram allow content sharing, which also uses cookies. Here is Facebook's cookie use policy page. X (formerly Twitter) and LinkedIn allow content sharing in a similar manner. Here is X's privacy policy page, and here is LinkedIn's privacy policy page.

Google's Recaptcha spam blocker (used to protect forms from malicious activity) also uses cookies to detect human vs. spambot activity. Protection against spam is a required part of any responsible website, and Google's Recaptcha is the industry standard for spam protection. For details on cookie usage in Recaptcha, check Google's data use policy.

Following Links

Any external link that is added provided in the content of any page on this website could introduce cookies. This website has no control over whether websites that are visited through clicking on these links would set cookies in your browser.

Session Cookies

This website is built using a programming language specifically designed for creating websites. This programming language sets a cookie which is used to maintain session activity between your browser and the website you are visiting. We have no control over this cookie, it is part of the web infrastructure that allows you to surf the internet.

Links

This Website may contain links to other sites. We provide such links for your reference only. Please be aware that we are not responsible for the content or privacy practices of such other sites. Our inclusion of links to such websites does not imply any endorsement of the material on such websites or any association with their operators. We encourage our users to be aware when they leave our site and to read the privacy policies of any other site that collects Personally Identifiable Information.

E-mail Communications

From time to time, we may contact you via email for the purpose of providing announcements, promotional offers, alerts, confirmations, surveys, and/or other general communication. To improve our Services, we may receive a notification when you open an email from us or click on a link therein.

If you would like to stop receiving marketing or promotional communications via email from us, you may opt out of such communications by clicking the "Unsubscribe" button at the bottom of the email.

If you choose to correspond with us through email, we may retain the content of your email messages along with your email address and our responses. We also may send automated messages to you pertaining to your account, such as billing invoices and other notices. We provide the same protections for these electronic communications that we employ in the maintenance of information received by mail or telephone. We ask that you not provide us with confidential information such as social security or account numbers through unsecured email. You may also contact us by phone, U.S. mail, or by visiting our location.

Children

We do not provide services to children, as defined under applicable law. Our Website is not targeted or marketed to children. We respect the privacy of your children, and we comply with the practices established under the Children's Online Privacy Protection Act. We do not knowingly collect or retain personally identifiable information from children. If you believe that a child has provided their information to us through our Website or Services, please contact us at 800-775-6682 so that we can take steps to delete it.

Security of Your Personal Information

All our employees are responsible for safeguarding individual customer communications and information.

• We take reasonable precautions to protect personal information against unauthorized access. We require all personnel to protect the privacy of all forms of customer communications as well as individual customer records.
• We secure all customer personal information from unauthorized access, use, or disclosure with Secure Sockets Layers protocol (SSL). This technology encrypts, or scrambles, your information so it's virtually impossible to read by anyone other than employees at our Company. SSL technology secretly encodes information that is being sent over the Internet between your computer and our website, helping to ensure that the information remains confidential.
• We use SSL protocol to protect your personal information when you interact with a third-party website (such as when making a payment). Once the data is transmitted, the third party's policies will govern the protection of your personal information.

We strive to take appropriate, commercially acceptable security measures to protect against unauthorized access to or alteration of your personal information. While we strive to protect your personal information, you acknowledge that: (a) there are security and privacy limitations inherent to the Internet that are beyond our control; and (b) security, integrity, and privacy of information and data exchanged between you and us through this Website cannot be guaranteed; and (c) no method of transmission over the internet, or method of electronic storage is one hundred percent secure. Any transmission of information over the internet is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on the Website by any person or entity.

CPNI Notice

Customer Proprietary Network Information ("CPNI") is created by our relationship with you as your telecommunications service provider. In the course of providing service to telephone customers, we collect information concerning the telephone services you purchase and how you use them. From time to time, we change our service offerings and make available additional features and services, which may enhance and augment the services to which you are already subscribed. In order for us to determine which customers may benefit from the new services and enhancements, we will use information about your account that is within our database, legally referred to as CPNI, unless you restrict that use in the manner described below.

CPNI includes any information on the quantity, technical configuration, type, destination, location, and amount of use of your service that we obtain because we are your telephone carrier. CPNI includes the type and quantity of certain telecommunications services you subscribe to and details about your calling activities, including call detail information such as the date and time of a call, the duration of a call, and call-originating and call-terminating phone numbers.

CPNI does not include the names, addresses, and telephone numbers published in telephone directories or information we obtain as a result of providing your cable or Internet service.

We may use your CPNI to provision your services, generate, bill, and collect for your services, respond to your requests, enforce our Terms of Service, and protect against fraudulent use of our network. We may use CPNI to recommend other products and services to you. We also may share your CPNI with our affiliates and third parties to market our services on our behalf. The CPNI rules permit our use of this information for these purposes, provided that we safeguard it from unauthorized access, use, or disclosure. We employ reasonable security measures to help protect your CPNI from unauthorized access, use, or disclosure. Use of CPNI is subject to federal laws and regulations.

Use of this data will allow us to tailor our service offerings to your individual needs. For this purpose, CPNI data will be used by us, our subsidiaries and our affiliates only. This data will not be shared by us with any other outside source except as necessary and required to provide the service(s) to which you are already subscribed unless we are legally compelled to.

We are committed to ensuring that only properly authorized individuals are able to access CPNI for legitimate purposes. This includes ensuring that any request by a "customer" to access CPNI is valid and properly authenticated, in accordance with applicable law and industry best practices.

You have a right under federal law to protect the confidentiality of your account information and restrict the use of CPNI data, and we have a responsibility to protect your data. To restrict the use of your CPNI data, please contact us at 800-775-6682 to request that we not utilize your CPNI data. Your denial of approval for us to use this data will not affect the provision of any services to which you subscribe. Your approval or denial of approval for the use of CPNI outside of the service to which you already subscribe will remain valid until you revoke or limit the approval or denial.

We are vigilant in our efforts to protect your CPNI. However, should we become aware that your CPNI has been accessed without proper authority, we will take swift action to fully document and address such unauthorized access and provide appropriate notice. In particular, we will (i) notify law enforcement (including the United States Secret Service and the Federal Bureau of Investigation) within seven business days; and (ii) notify you and any other affected customers within seven business days thereafter, unless earlier notification is necessary to avoid immediate and irreparable harm, or we are instructed by law enforcement personnel to refrain from providing such notice.

WiFi by NATCO Mobile Application Privacy Policy

What is covered by this Privacy Policy

WiFi by NATCO, which is powered by CommandIQ, is an application developed by Calix, Inc. for use by subscribers of broadband service providers (BSPs) who purchase cloud and software services from Calix, Inc. Calix, Inc. is a processor of (or service provider for) NATCO's subscriber personal information under applicable privacy and data protection laws. NATCO is the controller of (or business for) its subscriber personal information. In other words, NATCO determines how and why your information is processed. As such, subscribers should refer to NATCO's privacy notice for details on how we process subscriber personal information.

Privacy Policy applies for any use of the App

This Privacy Policy applies to the App described in the WiFi by NATCO Mobile Application End User License Agreement (the "Agreement"). Please read NATCO's privacy notice and this Privacy Policy carefully to understand how information collected by the App will be treated. If you do not agree with NATCO's privacy notice and this Privacy Policy, you should not install, use, or access the App.

Children Under the Age of 18

The App is not intended for children under 18 years of age, and on behalf of NATCO, Calix does not knowingly collect personal data of children under 18, without parental consent. If Calix learns that personal data from a child under 18 has been obtained or received without verification of parental consent, Calix will delete that information. If you believe Calix might have any information from or about a child under 18, please notify Calix by completing a Request Form (clicking the link will take you to TrustArc, whom Calix has engaged to assist with personal information requests).

How Calix Collects Your Information

On behalf of NATCO, Calix collects and processes information provided directly by you when you install the App and register for an account to use the App. Specifically, this information includes:

• Your name, email address, password/pin, preferred language, and your account number with NATCO;
• Information about the equipment deployed at your premises that you choose to connect to the App such as the MAC address, serial number or other unique identifier for your router;
• Data insights Calix attains based on correlation and analytics of your information collected in providing the App, and user-associated analytics to improve the quality of the app experience.

How Calix Uses the Information

On behalf of NATCO, Calix uses the information collected as described in this Privacy Policy, to:

• Provide you with the App and the Services/notifications provided through the App as described in the Agreement;
• Implement, improve and/or enhance the App or to provide App features, including to make future releases available to you;
• Carry out Calix's obligations as described or authorized in the Agreement, NATCO's privacy notice, and this Privacy Policy;
• Enforce Calix's rights arising from the Agreement between you and Calix; and
• Fulfill any other purpose authorized by you and reasonably required for the App.

NATCO may also use the information collected as described in this Privacy Policy, to inform you about goods and services that may be of interest to you.

Disclosure of Information

Calix does not sell or otherwise distribute or disclose your information to third parties other than as described or authorized in the Agreement, including this Privacy Policy.
Calix discloses the information to its subsidiaries, affiliates and certain third-party vendors and contractors that provide development, integration, web hosting and consulting services to Calix to provide you with the App, to maintain, support, develop, improve and/or enhance the App and to fulfill Calix obligations associated with the App.

Calix may be required to disclose information under certain circumstances:

• To comply with any court order, law, or legal process, including to respond to any government or regulatory request;
• To enforce Calix's rights arising from the Agreement entered into between you and Calix;
• If Calix believes disclosure is necessary or appropriate to protect the rights, property, or safety of Calix, its customers or other third parties; or
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Calix's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which your information and/or your subscriber information held by Calix are among the assets transferred.

Your Choices About Our Collection, Use, and Disclosure of Information

The provision of the information described in this Privacy Policy is necessary for you to use the App.

Your information is retained and used as described in this Privacy Policy. If you delete your account for the App in accordance with the terms of the Agreement, your information will be deleted within 30 days of the deletion of such account or within such other timeline as may be mandated by applicable law. You will no longer be able to access the App when your account is deleted.

Accessing and Correcting Information

You can (a) access and review your contact information, and (b) correct your contact information, by logging into the App and visiting the settings page. To access, review or correct any other information, please reach out to NATCO.

Data Security

All information you provide to us is stored on our secure servers behind firewalls. Calix utilizes mechanisms such as intrusion detection systems, intrusion prevention systems, firewalls and encryption to secure information from accidental loss and from unauthorized access, use, alteration, and disclosure.

Calix deploys Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to alert and proactively contain potential threats. Enhanced security visibility and coverage is enabled through added layers of firewall and IDS beyond the network perimeter. Management connections to servers are always authenticated and encrypted via Secure Shell (SSH) when administration access is required for troubleshooting, patch management, and upgrades.

Calix runs automated vulnerability scanning on all perimeter systems to identify potential security risks. Scanning applications are regularly updated to remain current and up to date on important security vulnerabilities. Patches are applied to all relevant systems unless a compensating control is implemented.

Calix uses a variety of industry-standard security technologies and best practices to help protect information from unauthorized access, use, or disclosure. All data stored on the Calix systems is encrypted following industry standards using the strongest keys and ciphers. All communications with the App are protected with industry standard security protocols.
You control access to your account. You must keep your login credentials and passwords secure, protected, and maintained as confidential. Calix is not responsible for any circumvention of any privacy settings or security measures provided.

Changes to Our Privacy Policy

We reserve the right to change, modify, or update this Privacy Policy at any time without notice. In the event of any modification, we will post the changes in this Privacy Policy so that you will always know what information we are gathering and how we might use that information. Accordingly, you should periodically visit this page to determine the current Privacy Policy to which you are bound.

Contact Information

For questions about your service, please contact NATCO directly. To ask questions or comment about this Privacy Policy and Calix's privacy practices for the Cloud Services provided to NATCO, contact NATCO or complete this Request Form (clicking the link will take you to TrustArc, whom Calix has engaged to assist with personal information requests).