Privacy Policy

Welcome, and thank you for visiting exhibit-E (“exhibit-E,” “we,” or “us”), our website at https://www.exhibit-e.com (the “Site”), and all related websites, mobile applications (including phone/tablet applications), and the services provided by us and made available through the Site (collectively, the “exhibit-E Service” or “Service”). By using any of exhibit-E’s Services, you confirm you have agreed to the Terms and Conditions (available here), and read and understood this Privacy Policy.

1. Privacy Is Our Priority

We value your privacy and appreciate that you are trusting us with information that is important to you. This Privacy Policy clearly describes our data practices, such as our data retention, and how you can use your account settings to manage your data. We believe in regulatory compliance for the benefit of visitors to our site and of our customers (“Subscribers” and “Users”), and this Privacy Policy (“Policy”) is designed to make our data-processing activities as transparent as possible. We have described below what personal information we collect, what we do with it, the controls we give you over your information, and the measures we take to keep it safe.

This Policy may be updated from time to time for any reason. We will notify you of any significant changes to our Privacy Policy by posting the new Policy on our Site or on or through the exhibit-E Service.

2. An Important Distinction—Controller vs. Processor

In the context of IT services, it is often the case that the customer is a controller, and the IT service provider acts as a processor on its behalf. For the purpose of compliance under Article 4 of the EU General Data Protection Regulation (GDPR), we are the Data Processor, and our Subscribers and Users are the Data Controllers. This distinction is important for compliance as stated under Article 28(1) of the EU GDPR. As the Data Processor we don’t mine, sell, share, or “control” your data or what happens to it beyond any purpose not consistent with the exhibit-E Service and Terms and Conditions.

We are largely unaware of the Subscriber Data that is actually being stored or made available by a Subscriber or User to the Service, and we do not directly access such Subscriber Data, except as authorized by the Subscriber or as necessary to provide Services to the Subscriber and its Users.

exhibit-E does not collect or determine the use of any Personal Data contained in the Subscriber Data, and it does not determine the purposes for which such Personal Data is collected, the means of collecting such Personal Data, or the uses of such Personal Data. Therefore exhibit-E is not acting in the capacity of data controller in terms of the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter “GDPR”) and does not have the associated responsibilities under the GDPR. exhibit-E should be considered only as a processor on behalf of its Subscribers and Users as to any Subscriber Data containing Personal Data that is subject to the requirements of the GDPR. Except as provided in this Privacy Policy, exhibit-E does not independently transfer or otherwise make available to third parties Subscriber Data containing Personal Data stored in connection with the Services, except to third-party subcontractors that may process such data on behalf of exhibit-E in connection with exhibit-E’s provision of Services to Subscriber. Such actions are performed or authorized only by the applicable Subscriber or User.

exhibit-E is not responsible for the content of the Personal Data contained in the Subscriber Data or other information stored on its servers (or its subcontractors’ servers) at the discretion of the Subscriber or User, nor is exhibit-E responsible for the manner in which the Subscriber or User collects, handles disclosure of, distributes, or otherwise processes such information.

3. The Type of Information and Data We Collect

We do not collect your personal information, such as names and mailing or email addresses, unless you knowingly provide it when subscribing to our exhibit-E Service. If you contact us through support, we collect the information you submit, such as your name, contact information, and message. By using the website and exhibit-E Service, you agree to be bound by our Privacy Policy and the website Terms and Conditions. Our processing of a Subscriber’s personal data is fundamentally necessary for providing the Service in accordance with our Terms and Conditions and is carried out in exhibit-E’s legitimate interests, which are further explained in the section “How We Use the Information and Data We Collect” of this Policy.

4. Credit-Card and User-Provided Information

4.1. User-Provided Information. When you use the Service, you may provide and we may collect Personal Data. Examples of Personal Data include name, email address, mailing address, mobile-phone number, and credit card or other billing information. To activate an exhibit-E account you must provide certain information for identification and verification, such as your name; your credit, debit, or other card number, the card’s expiration date; and the CVV code. This information is encrypted and sent to your card network, which upon approval activates your account without exposing your card number. We use a third party resource (Braintree) for credit card processing for monthly service fee. Braintree is owned by PayPal and is PCI compliant. This category of company operates with significant financial-sector regulations, like PCI compliance.

4.2. Information Collected by Subscribers or Users. A Subscriber or User may store or upload information into the Service Subscriber Data. We have no direct relationship with the individuals whose Personal Data it hosts as part of Subscribers Data. Each Subscriber is responsible for providing notice to its customers and third parties concerning the purpose for which the Subscriber collects their Personal Data and how this Personal Data is processed in or through the Service as part of Subscriber Data.

5. Integrated Services

Our exhibit-E Service integrates with galleryManager, our cloud based inventory management Service. So if a Subscriber also has a galleryManager account, the Subscriber or User has the option to push content from its galleryManager account to its exhibit-E website. This is part of our mission to make the administration of the galleries’ websites easier and more efficient, as both systems can be managed from the same dashboard. As you review our Privacy Policy, keep in mind that it applies to all our brands, products, and services that may have a separate privacy policy or that link to this policy, which we call “Our Family of Companies” or “Services.”

6. How We Use the Information and Data We Collect

For personal data subject to the GDPR, we rely on several legal bases to process the data. These include your consent, which you may withdraw at anytime by email at support@exhibit-e.com and you can also edit or remove your personal data using your account settings; the processing necessary to perform our legitimate Services, such as improving, personalizing, and developing the Services; marketing new features or products that may be of interest to our subscribers; and promoting safety and security.

The information you provide to us when subscribing to our exhibit-E Service or visiting our website may be used in the following ways:

6.1. Operation of the Service. We use the information to operate, maintain, enhance, and provide all features of the Service; to provide the services and information that you request; to respond to comments and questions; and to provide support to users of the Service.

We process Subscriber Data solely in accordance with the directions provided by the applicable Subscriber or User and to provide you with information about other goods and services we offer similar to those you have already purchased or inquired about, to notify you about changes to our service, to provide marketing information to you, and for the purposes of customer support and billing services.

You have the ability to opt out of receiving any promotional communications as described below under “Your Choices.”

6.2. Improvements. We use the information to improve our website and Services to ensure content is presented in the most effective manner for you and your computer.

6.3. Cookies. Cookies are small files of information that are stored on your computer’s hard drive by your Web browser. The cookies we use do not contain any personal information. Most Web browsers automatically accept cookies, but you can set your browser so that you will not receive cookies and you can also delete existing cookies from your browser. In order to use all the features of the website, we recommend that you accept cookies. To provide a better Web experience, we, like so many website providers, use third-party Web analytics tools, including Google Analytics. You may opt out of Google’s use of cookies by visiting the Google Analytics opt-out page.

6.4. Analytics. We use Google Analytics to measure and evaluate access to and traffic on the Public Area of our website. Google operates independently from us and has its own privacy policy, which we strongly suggest you review. Google may use the information collected through Google Analytics to evaluate Users’ and Visitors’ activity on our Site. For more information, see Google Analytics Privacy and Data Sharing.

We take measures to protect the technical information collected by our use of Google Analytics. The data collected will be used only on a need-to-know basis to resolve technical issues, administer the Site, and identify visitor preferences, but in these cases, the data will be in non-identifiable form. We do not use any of this information to identify Subscribers, Visitors, or Users.

7. To Whom We Disclose Information

Except as described in this Policy, we will not intentionally disclose to the third parties the Personal Data or Subscriber Data that we collect or store on the Service, unless we have the consent of the applicable Subscriber. We may disclose information to third parties with your consent, as well as in the following circumstances:

7.1. Service Providers (Processors). We work with a few third-party service providers, and all are Privacy Shield certified, PCI compliant, and/or GDPR compliant. The services they provide are for the purposes of processing data, credit card processing, and hosting and backup services. These third parties may have access to or process Personal Data or Subscriber Data as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information.

7.2. Law Enforcement, Legal Process, and Compliance. We may disclose Personal Data or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, such as in response to a valid court order or to a judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.

We also reserve the right to disclose Personal Data or other information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Service and any facilities or equipment used to make the Service available, or (v) protect our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others.

7.3. Change of Ownership. Information about Subscribers and Users, including Personal Data, may be disclosed and otherwise transferred to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets and only if the recipient of the Subscriber information commits to a Privacy Policy that has terms substantially consistent with this Privacy Policy.

8. Your Choices

8.1. Accessing, Editing, and Deleting. We respect your privacy rights and provide you with account settings and tools for reasonable access to the Personal Data that you may have provided through your use of the Services. If you wish to access or amend any other Personal Data we hold about you, or to request that we delete or transfer any information about you that we have obtained from an Integrated Service, you may contact us as set forth in the “How to Contact Us” section. At your request, we will have any reference to you deleted or blocked in our database. If you live in the European Economic Area, United Kingdom, or Switzerland, you have a number of legal rights with respect to your information, which your Account Settings and tools allow you to exercise.

You may update, correct, or delete your Account information and preferences at any time by accessing your Account Settings page on the Service. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.

You may decline to share certain Personal Data with us, in which case we may not be able to provide to you some of the features and functionality of the Service.

At any time, you may object to the processing of your Personal Data, on legitimate grounds, except if otherwise permitted by applicable law. If you believe your right to privacy granted by applicable data-protection laws has been infringed upon, please contact our support team at support@exhibit-e.com or call (212) 625 9910. You also have a right to lodge a complaint with data-protection authorities.

This provision does not apply to Personal Data that is part of Subscriber Data. In this case, the management of the Subscriber Data is subject to the Subscriber’s own Privacy Policy, and any request for access, correction, or deletion should be made to the Subscriber responsible for the uploading and storage of such data into the Service.

8.2. Navigation Information. If you do not want your navigation information about your visit to the Site collected by Google Analytics, you may opt out by using the Google Analytics opt out feature.

8.3. Opting Out from Commercial Communications. If you receive commercial emails from us, you may unsubscribe at any time by following the instructions contained within the email or by sending an email to the address provided in the “How to Contact Us” section. Please be aware that if you opt out of receiving commercial email from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten (10) business days for us to process your request. Additionally, even after you opt out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding the Service.

We have no direct relationship with the Subscriber’s customers or third party whose Personal Data we may process on behalf of a Subscriber. An individual who seeks access, or who seeks to correct data, amend data, delete inaccurate data, or withdraw consent for further contact, should direct his or her query to the Subscriber or User he or she deals with. If the Subscriber requests exhibit-E to remove the data, we will respond to its request within thirty (30) days. We will delete, amend, or block access to any Personal Data that we are storing only if we receive a written request to do so from the Subscriber that is associated with the account and is responsible for such Personal Data, unless we have a legal right to retain such Personal Data. We reserve the right to retain a copy of such data for archiving purposes or to defend our rights in litigation. Any such request regarding Subscriber Data should be addressed as indicated in the “How to Contact Us” section, and include sufficient information for exhibit-E to identify the Client or its Subscriber or third party and the information to delete or amend.

9. Third-Party Service

The Service may contain features or links to websites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if such sites or services are accessed through the Service. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Service, unless the websites or services are part of our own “Family of Companies.” We encourage you to learn about third parties’ privacy and security policies before providing them with information.

10. Data Security

We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, technical, and physical safeguards to protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing the Personal Data in our possession. This includes, for example, firewalls, password protection, and other access and authentication controls. We use SSL technology to encrypt data during transmission through public internet, and we also employ application-layer security features to further anonymize Personal Data.

Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or Services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. However, no method of transmission over the internet, or method of electronic storage, is 100 percent secure. We cannot ensure or warrant the security of any information you transmit to us or store on the Service, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If you believe your Personal Data has been compromised, please contact us as set forth in the “How to Contact Us” section.

If we learn of a security-systems breach, we will inform you and the authorities of the occurrence of the breach in accordance with applicable law.

11. Data Retention

We retain only the Personal Data collected from a User for as long as the Subscriber and User’s account is active, or otherwise for a limited period of time, as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise required by law. The contents of closed accounts are deleted within three months of the date of closure (unless other arrangements are made in agreement with the Subscriber and us); backups are kept for one year.

12. Data Transfer

We may transfer, process, and store Personal Data we collect through the Services in centralized databases and with service providers located in the U.S. The U.S. may not have the same data-protection framework as the country from which you may be using the Services. When we transfer Personal Data to the U.S., we will protect it as described in this Privacy Policy.

The Service is hosted in the United States. If you choose to use the Service from the European Union or other regions of the world whose laws governing data collection and use differ from U.S. law, then please note that you may be transferring your Subscriber Data and Personal Data outside of those regions to the United States for storage and processing by our service providers listed in the exhibit-E Terms and Conditions. We will comply with GDPR requirements to provide adequate protection for the transfer of personal information from Europe to the U.S. Also, we may transfer your data to the U.S., the EEA, or other countries or regions deemed by the European Commission to provide adequate protection of personal data in connection with the storage and processing of data, fulfilling your requests, and operating the Service.

13. How to Contact Us

Please contact us with any questions or comments about this Policy, your Personal Data, our use and disclosure practices, or your consent choices by email at support@exhibit-e.com. If you have any concerns or complaints about this Policy or your Personal Data, you may contact us by email at support@exhibit-e.com or call (212) 625 9910.

Dated: May 24, 2018