Last Updated: 01 October 2018
Xactware Solutions, Inc. (“Xactware”) respects your concerns about privacy. Xactware has certified that, for its technology support services, including network, host, or infrastructure configuration and maintenance the company abides by the Privacy Shield Principles as set forth by the U.S. Department of Commerce regarding the collection, storage, use, transfer, and other processing of Personal Data transferred from the European Economic Area (“EEA”) to the United States. This Policy outlines our general practices for implementing the Privacy Shield Principles for Consumer Personal Data.
For purposes of this Policy:
“Consumer” means any natural person who is located in the EEA.
“Customer” means any entity that purchases or otherwise obtains products or services from Xactware.
“Personal Data” means any information, including Sensitive Data, that (i) is transferred to Xactware in the U.S. from the EEA, (ii) is recorded in any form, (iii) relates to an identified or identifiable Consumer, and (iv) can be linked to that individual.
“Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual, or the disposal of such proceedings, or the sentence of any court in such proceedings.
Xactware’s EU-U.S. Privacy Shield certification can be found at https://www.privacyshield.gov/participant. For more information about the Privacy Shield principles, please visit https://www.privacyshield.gov. For more information about Xactware’s processing of Personal Data collected from Consumers on www.xactware.com, please visit Xactware’s Privacy Notice.
How Xactware Obtains Personal Data
Xactware’s practices regarding the collection, storage, use, transfer, and other processing of Personal Data comply, as appropriate, with the Privacy Shield principles of notice, choice, onward transfer, access, security, data integrity, enforcement and oversight.
Xactware provides information in this Policy regarding its Consumer Personal Data practices including the purposes for which Xactware collects and uses Consumer Personal Data.
When Xactware acts as a service provider (data processor) for its Customers, and Consumer data is transferred to the United States, Xactware’s Customers are responsible for providing appropriate notice to their Consumers and obtaining any requisite consent. Privacy notices pertaining to specific data processing activities also may contain relevant information.
When Xactware collects Personal Data directly from Consumers, it offers Consumers the opportunity to choose whether Xactware may (i) disclose their Personal Data to certain third parties or (ii) use their Personal Data for purposes incompatible with the purposes for which the information was originally collected or subsequently authorized by the individual. Consumers may contact Xactware as indicated below regarding the company’s use or disclosure of their Personal Data.
When Xactware maintains Personal Data about Consumers with whom Xactware does not have a direct relationship because Xactware obtained or maintains the Consumers’ data as a service provider for its Customers, Xactware’ Customers are responsible for providing the relevant individuals with certain choices with respect to the Customers’ use or disclosure of the individual’s Personal Data.
Xactware may disclose Personal Data without offering an opportunity to opt out (i) to service providers the company has retained to perform services on its behalf, (ii) if it is required to do so by law or legal process, (iii) to law enforcement or other government authorities, or (iv) when Xactware believes disclosure is necessary to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual illegal activity. Xactware also reserves the right to transfer Personal Data in the event it sells or transfers all or a portion of its business or assets (including in the event of a reorganization, dissolution or liquidation). Should such a sale or transfer occur, Xactware will use reasonable efforts to direct the transferee to use the Personal Data in a manner that is consistent with Xactware’ privacy policies.
Xactware uses Personal Data only for the purposes indicated in this Statement unless it has a legal basis, such as consent, to use it for other purposes. To the extent required by law, Xactware obtains prior opt-in consent at the time of collection for the processing of (i) Personal Data for marketing purposes and (ii) Sensitive Data.
Onward Transfer of Personal Data
Xactware may share Consumer Personal Data with third parties as indicated in the “Choice” section above. Except as permitted or required by applicable law, Xactware requires third parties to whom it discloses Personal Data and who are not subject to the European Union Data Protection Directive 95/46 or an adequacy finding to either (i) subscribe to the relevant Privacy Shield principles or (ii) contractually agree to provide at least the same level of protection for Personal Data as is required by the relevant Privacy Shield principles.
Where appropriate, Xactware provides Consumers with reasonable access to the Personal Data Xactware maintains about them. Xactware also provides a reasonable opportunity for Consumers to correct, amend or delete that information where it is inaccurate, as appropriate. Xactware may limit or deny access to Personal Data where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Privacy Shield principles. The right to access Personal Data also may be limited in some circumstances by local law requirements. Consumers may request access to their Personal Data by contacting Xactware as indicated below.
When Xactware maintains Personal Data about Consumers with whom Xactware does not have a direct relationship because Xactware obtained or maintains the Consumers’ data as a service provider for its Customers, Xactware’ Customers are responsible for providing Consumers with access to the Personal Data and the right to correct, amend or delete the information where it is inaccurate. In these circumstances, Consumers should direct their questions to the appropriate Xactware Customer. When a Consumer is unable to contact the appropriate Customer, or does not obtain a response from the Customer, Xactware will provide reasonable assistance in forwarding the individual’s request to the Customer.
Xactware takes reasonable precautions to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration, and destruction.
Xactware takes reasonable steps to ensure that the Personal Data the company processes are (i) relevant for the purposes for which they are to be used, (ii) reliable for their intended use, and (iii) accurate, complete, and current. In this regard, Xactware depends on its Consumers and Customers (with respect to Personal Data of Consumers with whom Xactware does not have a direct relationship) to update and correct Personal Data to the extent necessary for the purposes for which the information was collected or subsequently authorized by the individuals. Consumers (and Customers, as appropriate) may contact Xactware as indicated below to request that Xactware update or correct relevant Personal Data.
Recourse, Enforcement and Oversight
If a Consumer complaint cannot be resolved through Xactware’s internal processes, Xactware will cooperate with JAMS pursuant to the JAMS International Mediation Rules, which are accessible on the JAMS website at https://www.jamsadr.com/eu-us-privacy-shield. Consumers may, in certain circumstances, invoke binding arbitration as a solution to their complaint.
JAMS mediation may be commenced as provided for in the JAMS International Mediation Rules. The mediator may propose any appropriate remedy, such as publicity for findings of non-compliance, payment of compensation for losses incurred as a result of non-compliance, or cessation of processing of the Personal Data of the Consumer who has brought the complaint. Xactware will assume the costs of the administrative fees if the mediator makes a written recommendation that finds Xactware in breach of its duties pursuant to the Privacy Shield. The mediator or the Consumer also may refer the matter to the U.S. Federal Trade Commission, which has Privacy Shield enforcement jurisdiction over Xactware.
In the context of an onward transfer, Xactware has a responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Xactware shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless Xactware proves that it is not responsible for the event giving rise to the damage.
When Xactware maintains Personal Data about Consumers with whom Xactware does not have a direct relationship because Xactware obtained or maintains the Consumers’ data as a service provider for its Customers, Consumers may submit complaints concerning the processing of their Personal Data to the relevant Customer, in accordance with the Customer’s dispute resolution process. Xactware will participate in this process at the request of the Customer or the Consumer. If the issue cannot be resolved through the Customer’s internal dispute resolution mechanism, the Consumer may submit the complaint to the relevant data protection authority in the EEA.
How to Contact Xactware
Attn: Privacy Shield Coordinator
New London House
6 London Street
Attn: Privacy Shield Coordinator
1100 West Traverse Parkway
Lehi, UT 84043