Nuance Privacy Statement
This Privacy Statement (“Statement”) describes the personal data that Nuance collects, how we use it, and when we share it, as we interact with you, deliver our products and services, and conduct our business operations.
This Statement applies to Nuance Communications, Inc., its affiliates and any wholly owned subsidiaries worldwide, referred to in this Statement as “Nuance.” When we refer to Nuance products, we mean all Nuance products and services.
For the purposes of applicable data privacy legislation, the Nuance affiliate or subsidiary responsible for the collection and use of your personal data is either the affiliate or subsidiary with which you contract or engage, or the affiliate or subsidiary located in the country in which you reside. If you wish to confirm the identity of the responsible Nuance affiliate, you may contact us by completing the Privacy Request(Apri una nuova finestra) webform.
What Personal Data Do We Collect?
Nuance collects personal data when we deliver our products, conduct marketing, and run our business operations. The personal data we collect varies based upon whether the data is collected (i) through our websites or applications, including www.nuance.com(Apri una nuova finestra), shop.nuance.com(Apri una nuova finestra), www1.nuancepowershare.com(Apri una nuova finestra), www.nuancecommunity.force.com(Apri una nuova finestra), and www.mix.nuance.com(Apri una nuova finestra) (“Sites”) or (ii) through our products and services, including but not limited to our software, support services, voice recognition technology, and medical information products (“Products”).
We may collect personal data directly in the following situations:
Through our Products, we may collect personal data directly in the following situations:
Nuance may collect personal data indirectly in certain situations, in particular:
Why We Use Personal Data
We collect, process, use and store your personal information for the following business and commercial purposes in accordance with our legitimate business interests and legal requirements or with your consent where required:
Control Of Your Personal Data
You can change your preferences to opt out of marketing communications at any time by completing the Privacy Request(Apri una nuova finestra) webform. Alternatively, please follow the opt‑out instructions in the relevant communication. If you opt out, we will retain your email address to confirm that we do not send you further communications.
If your personal data has been collected by Nuance to review a proposed reseller or distributor relationship, you may contact us by completing the Privacy Request(Apri una nuova finestra) webform to request deletion of your data. We will respond to your request within a reasonable timeframe.
If you wish to access, correct, or request deletion of your Product Personal Data, you may contact us by completing the Privacy Request(Apri una nuova finestra) webform. Nuance generally processes Product Personal Data on behalf of our healthcare, enterprise, and corporate customers. If you contact us, we may direct your inquiry to our customer on whose behalf the Product Personal Data is being processed. We will make reasonable efforts to delete your Product Personal Data upon your request within a reasonable timeframe. Nuance may refuse your request to access, request or delete Product Personal Data where entitled to do so under applicable law.
If you have submitted Product Personal Data to Nuance using your own user account which allows you to control your own data, you may delete the data you submitted by logging into your account and following the guidelines in the help system.
Location Of Processing and Cross‑Border Transfers
Nuance operates in many countries. We may transfer personal data across international borders and may process personal data to other Nuance affiliates, Nuance’s parent corporation, or other companies performing support functions on our behalf (each as described above ) in countries and jurisdictions other than the location of original collection, including in countries and jurisdictions that are not subject to an adequacy decision by the European Commission or your national legislator or regulator, and that may not provide for the same level of data protection as your jurisdiction. In such cases, we ensure that the recipient offers an adequate level of protection and security, for instance by entering into the appropriate agreements and, if required, standard contractual clauses or an alternative mechanism for the transfer of data as approved by the European Commission or other applicable regulators or legislators. Where required by applicable law, we will only share, transfer or store your personal data outside of your jurisdiction with your prior consent.
General Data Protection Regulation ("GDPR")
Nuance has a range of privacy and security controls across its organizations to ensure compliance with the General Data Protection Regulation (GDPR), including, but not limited to:
Lawful bases for processing personal information (applies only in the European Economic Area)
We process personal information where one or more of the following conditions that are set out in the GDPR apply:
Transfers to third countries
Whenever Nuance transfers personal information beyond the country of origin, we will do so in accordance with applicable laws. In the context of its European operations, Nuance may transfer Personal Data abroad to other countries in the European Economic Area or to third countries. In reaction to the decision by the Court of Justice of the European Union issued on July 16th 2020, in its Case C‑311/18 Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (called “Schrems II case”) and in furtherance to the Recommendations 01/2020 issued by the European Data Protection Board on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data, Nuance has evaluated the data transfers necessary for its multinational operations. Nuance will ensure that importers of any Personal Data offer an adequate level of protection, whether through an adequacy decision or appropriate safeguards under Article 46 of the GDPR.
To the extent Personal Data processed by Nuance would be transferred to a country, territory or sector outside the EEA that is not recognized by the European Commission as providing an ‘essentially equivalent´ level of protection to that which exists within the EU, Nuance will rely on EU Standard Contractual Clauses for transfers: (i) between Nuance affiliates, and (ii) to third parties. The EU Standard Contractual Clauses can be viewed on the European Commission’s website here. https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en(Apri una nuova finestra). As per the guidance of the European Data Protection Board, Nuance has implemented programs to review such data transfers and to employ additional safeguards when appropriate for the data processing required by law and our customer contracts.
With respect to personal data received or transferred, Nuance and its U.S. Subsidiaries are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Nuance complies with the EU-U.S. Data Privacy Framework (EU‑U.S. DPF), the UK Extension to the EU‑U.S. DPF, and the Swiss‑U.S. Data Privacy Framework (Swiss‑U.S. DPF) as set forth by the U.S. Department of Commerce. Nuance has certified to the U.S. Department of Commerce that it adheres to the EU‑U.S. Data Privacy Framework Principles (EU‑U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU‑U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU‑U.S. DPF. Nuance has certified to the U.S. Department of Commerce that it adheres to the Swiss‑U.S. Data Privacy Framework Principles (Swiss‑U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss‑U.S. DPF. In the context of an onward transfer, Nuance has responsibility for the processing of personal data it receives under the DPF and subsequently transfers to a third party acting as an agent on our behalf. Nuance remains liable under the DPF if our agent processes such personal information in a manner inconsistent with the DPF, unless Nuance can prove that we are not responsible for the event giving rise to the damage. If there is any conflict between the terms in this Statement and the EU‑U.S. DPF Principles and/or the Swiss‑U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit the U.S. Department of Commerce’s Data Privacy Framework website(Apri una nuova finestra).
If you have a question or complaint related to participation by Nuance in the DPF Frameworks, we encourage you to contact us via our web form(Apri una nuova finestra). For any complaints related to the DPF Frameworks that Nuance cannot resolve directly, we have chosen to co‑operate with the relevant EU Data Protection Authority, or a panel established by the European data protection authorities, for resolving disputes with EU individuals, the UK Information Commissioner (for UK individuals) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) for resolving disputes with Swiss individuals. Please contact us if you’d like us to direct you to your data protection authority contacts. As further explained in the DPF Principles, binding arbitration is available to address residual complaints not resolved by other means. Nuance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Security and Retention
We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once it is received. Information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using current PCI‑DSS standards. If Nuance has issued you a password, you are responsible for keeping the password confidential.
We store personal data to the extent necessary to provide Products to our customers. Generally, we retain personal data for as long as you remain an active customer or user of our Sites and Services and for 3 years afterwards, or otherwise as required for our business operations or by applicable laws. We will permanently destroy biometric data when the initial purpose for collecting or obtaining such data has been satisfied, or within 3 years of your last interaction with us, whichever occurs first. Different retention of personal data may be necessary under contractual terms with the data controller for whom we provide services, for fraud prevention, to identify technical problems, or to resolve legal proceedings.
We may retain non‑personally identifiable aggregate information beyond this time for research purposes and to help us improve and further develop our Products. You cannot be identified from aggregate information retained or used for these purposes. Where we process personal information for marketing or business analytic purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in the future.
If a Nuance customer puts Nuance voice recognition Product technology in a customer product or service that is likely to be accessed by children, Nuance may receive speech data from product users to provide voice recognition to the user. This is a function of how Nuance’s voice technology works. This means that if the user is under the age of 16, Nuance may receive personal data from children under the age of 16. It is the responsibility of the Nuance customer to obtain any consents required under applicable law, including under the Children’s Online Privacy Protection Act and relevant data protection laws, for the collection of such personal data.
Nuance does not sell services to children and, except as described in the preceding paragraph, Nuance does not knowingly collect personal data directly from children under the age of 16. Nuance has adopted a policy that Nuance will not provide hosted services to primarily child-directed websites and online services. No child under 16 should directly submit personal data to Nuance. If you become aware that a child under the age of 16 has submitted personal data to Nuance except as described in the preceding paragraph, please inform us by completing the Privacy Request (Apri una nuova finestra) webform and we will promptly delete the data.
European Union, United Kingdom, and Switzerland residents rights
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete data which we are required by law to keep or have compelling legitimate interests in keeping.
You can exercise the rights listed above, or write to us with any complaints, at any time by contacting us, specifying the nature of your request, at:
Chief Privacy Officer
Nuance Communications, Inc.
15 Wayside Road
Burlington MA 01803
1-866-384-4277 (Issue Type is “Privacy”)
Data Protection Officer
Nuance Communications Ireland, Ltd
The Harcourt Building, 4th Floor
57B Harcourt Street
Dublin 2, D02 F721
If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority.
California Residents Rights
If you are a California resident, as defined in the California Code of Regulations, you have rights under the California Consumer Privacy Act of 2018 ("the CCPA") as amended by the California Privacy Rights Act of 2020 (“CPRA”). Below are the disclosures about your personal data and a description of your rights.
Categories of information we collect and disclose for a business purpose
We may collect the following categories of personal information, as defined in the CCPA, from you in connection with the products and services you have purchased from Nuance. In addition, during the past twelve months, we may have disclosed these categories of personal information for a business purpose:
According to California law, personal information does not include:
Other disclosures about your personal information
This Statement provides additional disclosures about your personal information as required by the CCPA and/or CPRA. Refer to the following sections to learn more about the sources of personal data we collect, the business or commercial purposes for which we use personal data, and the categories of third parties with whom we share personal data.
Your Rights and Choices
In addition to the above, the CCPA and CPRA provides you with specific rights regarding your personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request, up to 2 times a year, that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
We do not provide these access and data portability rights for B2B personal information. You may send us a request to correct inaccurate personal information.
Deletion or Correction Request Rights
You have the right to request that we delete or correct your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) or correct, as applicable, your personal information from our records, unless an exception applies. We will use commercially reasonable efforts to correct inaccurate information upon your request.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
We do not provide these deletion rights for B2B personal information.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA‑permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
Limit Use and Disclosure of Sensitive Personal Information
You shall have the right to limit use and disclosures of your sensitive personal information to that use which is necessary to perform the services or deliver the goods, unless you subsequently provide consent for our use or disclosure of your sensitive personal information for additional purposes. Our collection and processing of sensitive personal information without the purpose of inferring characteristics about you is not subject to this right.
Exercising Your Rights
You may only make a verifiable consumer request for access or data portability twice within a 12‑month period. The verifiable consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. An authorized agent may make a request on your behalf if: (a) the agent is registered with the California Secretary of State to conduct business in California, has your written permission to submit the request, and verifies their identity in accordance with the verification process; or (b) you have provided the agent with power of attorney to act on your behalf. We will respond to your request within 45 calendar days, after proper verification, unless we need additional time, in which case we will let you know.
Making a verifiable consumer request does not require you to create an account with us.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
You can also exercise the rights listed above, or write to us with any complaints, at any time by contacting us, specifying the nature of your request, at:
Data Protection Officer or Chief Privacy Officer
Nuance Communications, Inc.
15 Wayside Road
Burlington MA 01803
1-844-931-2038 (Issue Type is “Privacy”)
Please note that recent changes to the CCPA and other U.S. state data privacy laws were set to take effect in 2023; however, the rules implementing some of these laws have not yet been finalised. We are continuously working to better comply with these laws, and we will update our processes and disclosures as these implementing rules are finalised.
Nuance Employees and Contingent Workers
This Privacy Statement does not cover Nuance’s collection of personal data from employees and contingent workers, which is described in a separate HR Privacy Statement made available to Nuance personnel.
Notice At Collection
You have a right to receive notice of our practices at or before the point of collection. We may process your personal data for legitimate business purposes, including but not limited to:
Refer to the following sections to learn more about the business or commercial purposes for which we use your personal data, the categories of third parties with whom we share personal data and how to opt‑out, and information regarding our retention practices.
We never sell, share, or transfer your data to third parties for the third party’s own purposes.
Changes To This Privacy Statement
We may update this Privacy Statement from time to time by publishing an updated version on Nuance's Sites. Each updated version will include the date the statement was last updated. Please review the latest version of this Privacy Statement periodically to keep current with Nuance’s use of personal data. If we make material changes in the way Nuance uses or shares personal data, we will publish the updates on our Sites. Any such material changes will only apply to personal data collected after the revised Privacy Statement takes effect.
Updated: January 1, 2024.