1. Privacy Is Our Priority
2. An Important Distinction—Controller vs. Processor
In the context of IT services, it is often the case that the customer is a controller, and the IT service provider acts as a processor on its behalf. For the purpose of compliance under Article 4 of the EU General Data Protection Regulation (GDPR), we are the Data Processor, and our Subscribers and Users are the Data Controllers. This distinction is important for compliance as stated under Article 28(1) of the EU GDPR. As the Data Processor we don’t mine, sell, share, or “control” your data or what happens to it for any purpose not consistent with the exhibit-E Service and Terms and Conditions.
We are largely unaware of the Subscriber Data that is actually being stored or made available by a Subscriber or User to the Service, and we do not directly access such Subscriber Data, except as authorized by the Subscriber or as necessary to provide Services to the Subscriber and its Users.
exhibit-E is not responsible for the content of the Personal Data contained in the Subscriber Data or other information stored on its servers (or its subcontractors’ servers) at the discretion of the Subscriber or User, nor is exhibit-E responsible for the manner in which the Subscriber or User collects, handles disclosure of, distributes, or otherwise processes such information.
3. The Type of Information and Data We Collect
4. Credit-Card and User-Provided Information
4.1. User-Provided Information. When you use the Service, you may provide and we may collect Personal Data. Examples of Personal Data include name, email address, mailing address, mobile-phone number, and credit card or other billing information. To activate an exhibit-E account you must provide certain information for identification and verification, such as your name; your credit, debit, or other card number; the card’s expiration date; and the CVV code. This information is encrypted and sent to your card network, which upon approval activates your account without exposing your card number. We use a third-party resource (Braintree) for credit card processing of the monthly service fee. Braintree is owned by PayPal and is PCI compliant. This category of company operates with significant financial-sector regulations, like PCI compliance.
4.2. Information Collected by Subscribers or Users. A Subscriber or User may store or upload information into the Service as Subscriber Data. We have no direct relationship with the individuals whose Personal Data it hosts as part of Subscriber Data. Each Subscriber is responsible for providing notice to its customers and third parties concerning the purpose for which the Subscriber collects their Personal Data and how this Personal Data is processed in or through the Service as part of Subscriber Data.
5. Integrated Services
6. How We Use the Information and Data We Collect
For personal data subject to the GDPR, we rely on several legal bases to process the data. These include your consent, which you may withdraw at any time by email at firstname.lastname@example.org (you can also edit or remove your personal data using your account settings); the processing necessary to perform our legitimate Services, such as improving, personalizing, and developing the Services; marketing new features or products that may be of interest to our subscribers; and promoting safety and security.
The information you provide to us when subscribing to our exhibit-E Service or visiting our website may be used in the following ways:
6.1. Operation of the Service. We use the information to operate, maintain, enhance, and provide all features of the Service; to provide the services and information that you request; to respond to comments and questions; and to provide support to users of the Service.
We process Subscriber Data solely in accordance with the directions provided by the applicable Subscriber or User and to provide you with information about other goods and services we offer similar to those you have already purchased or inquired about, to notify you about changes to our service, to provide marketing information to you, and for the purposes of customer support and billing services.
You have the ability to opt out of receiving any promotional communications as described below under “Your Choices.”
6.2. Improvements. We use the information to improve our website and Services to ensure content is presented in the most effective manner for you and your computer.
We take measures to protect the technical information collected by our use of Google Analytics. The data collected will be used only on a need-to-know basis to resolve technical issues, administer the Site, and identify visitor preferences, but in these cases, the data will be in non-identifiable form. We do not use any of this information to identify Subscribers, Visitors, or Users.
7. To Whom We Disclose Information
Except as described in this Policy, we will not intentionally disclose to third parties the Personal Data or Subscriber Data that we collect or store on the Service, unless we have the consent of the applicable Subscriber. We may disclose information to third parties with your consent, as well as in the following circumstances:
7.1. Service Providers (Processors). We work with a few third-party service providers, and all are Privacy Shield certified, PCI compliant, and/or GDPR compliant. The services they provide are for the purposes of processing data, credit card processing, and hosting and backup services. These third parties may have access to or process Personal Data or Subscriber Data as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information.
7.2. Law Enforcement, Legal Process, and Compliance. We may disclose Personal Data or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, such as in response to a valid court order or to a judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.
We also reserve the right to disclose Personal Data or other information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Service and any facilities or equipment used to make the Service available, or (v) protect our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others.
8. Your Choices
8.1. Accessing, Editing, and Deleting. We respect your privacy rights and provide you with account settings and tools for reasonable access to the Personal Data that you may have provided through your use of the Services. If you wish to access or amend any other Personal Data we hold about you, or to request that we delete or transfer any information about you that we have obtained from an Integrated Service, you may contact us as set forth in the “How to Contact Us” section. At your request, we will have any reference to you deleted or blocked in our database. If you live in the European Economic Area, United Kingdom, or Switzerland, you have a number of legal rights with respect to your information, which your Account Settings and tools allow you to exercise.
You may update, correct, or delete your Account information and preferences at any time by accessing your Account Settings page on the Service. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
You may decline to share certain Personal Data with us, in which case we may not be able to provide to you some of the features and functionality of the Service.
At any time, you may object to the processing of your Personal Data, on legitimate grounds, except if otherwise permitted by applicable law. If you believe your right to privacy granted by applicable data-protection laws has been infringed upon, please contact our support team at email@example.com or call (212) 625 9910. You also have a right to lodge a complaint with data-protection authorities.
8.2. Navigation Information. If you do not want navigation information about your visit to the Site collected by Google Analytics, you may opt out by using the Google Analytics opt-out feature.
8.3. Opting Out from Commercial Communications. If you receive commercial emails from us, you may unsubscribe at any time by following the instructions contained within the email or by sending an email to the address provided in the “How to Contact Us” section. Please be aware that if you opt out of receiving commercial email from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten (10) business days for us to process your request. Additionally, even after you opt out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding the Service.
We have no direct relationship with the Subscriber’s customers or third parties whose Personal Data we may process on behalf of a Subscriber. An individual who seeks access, or who seeks to correct data, amend data, delete inaccurate data, or withdraw consent for further contact, should direct his or her query to the Subscriber or User he or she deals with. If the Subscriber requests exhibit-E to remove the data, we will respond to its request within thirty (30) days. We will delete, amend, or block access to any Personal Data that we are storing only if we receive a written request to do so from the Subscriber that is associated with the account and is responsible for such Personal Data, unless we have a legal right to retain such Personal Data. We reserve the right to retain a copy of such data for archiving purposes or to defend our rights in litigation. Any such request regarding Subscriber Data should be addressed as indicated in the “How to Contact Us” section, and include sufficient information for exhibit-E to identify the Client or its Subscriber or third party and the information to delete or amend.
9. Third-Party Service
The Service may contain features or links to websites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if such sites or services are accessed through the Service. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Service, unless the websites or services are part of our own “Family of Companies.” We encourage you to learn about third parties’ privacy and security policies before providing them with information.
10. Data Security
We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, technical, and physical safeguards to protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing the Personal Data in our possession. This includes, for example, firewalls, password protection, and other access and authentication controls. We use SSL technology to encrypt data during transmission through the public internet, and we also employ application-layer security features to further anonymize Personal Data.
Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or Services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. However, no method of transmission over the internet, or method of electronic storage, is 100 percent secure. We cannot ensure or warrant the security of any information you transmit to us or store on the Service, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If you believe your Personal Data has been compromised, please contact us as set forth in the “How to Contact Us” section.
If we learn of a security-systems breach, we will inform you and the authorities of the occurrence of the breach in accordance with applicable law.
11. Data Retention
We retain the Personal Data collected from a User only for as long as the Subscriber and User’s account is active, or otherwise for a limited period of time, as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise required by law. The contents of closed accounts are deleted within three months of the date of closure (unless other arrangements are made in agreement with the Subscriber and us); backups are kept for one year.
12. Data Transfer
The Service is hosted in the United States. If you choose to use the Service from the European Union or other regions of the world whose laws governing data collection and use differ from U.S. law, then please note that you may be transferring your Subscriber Data and Personal Data outside of those regions to the United States for storage and processing by our service providers listed in the exhibit-E Terms and Conditions. We will comply with GDPR requirements to provide adequate protection for the transfer of personal information from Europe to the U.S. Also, we may transfer your data to the U.S., the EEA, or other countries or regions deemed by the European Commission to provide adequate protection of personal data in connection with the storage and processing of data, fulfilling your requests, and operating the Service.
13. How to Contact Us
Please contact us with any questions or comments about this Policy, your Personal Data, our use and disclosure practices, or your consent choices by email at firstname.lastname@example.org. If you have any concerns or complaints about this Policy or your Personal Data, you may contact us by email at email@example.com or call (212) 625 9910.
Dated: May 24, 2018