Last updated: 31 Jan 2019 What’s new?
Certain Xerago’s products and services may have additional specific privacy notices that describe how we handle Personal Data for those products and services. If any other privacy notice conflicts with this Privacy Statement, such specific notice will take precedence.
The purpose of this policy is to protect the privacy of individuals who have sensitive information stored (either in electronic or paper form) on assets owned by Xerago, while at the same time providing Xerago, the ability to share this information with authorized entities as required by legitimate clients or business need or by law.
Xerago receives personal and sensitive data from multiple sources. Most often, Xerago gets this data directly from the data shared by our clients who have taken your consent for their marketing campaigns
We process two main types of personal data.
Our Clients / Customers are the controller of Data from them. Xerago is the processor of Data provided by the Client / Customer’ and the controller of ‘Other Data’.
As customers, you provide data to us for processing as part of usage of our services.
Data from the Customers / Clients may be processed by us as a result of customer’s use of the Services when our customers input information into the Service. For example,
Data processed through ‘Customer Cloud’ includes name, phone number, Email Id, Address, Device Id, Bank account number, account type, account start date and transactional data based on objective for Xerago’s customer organization use our ‘Customer Cloud’.
Log data: Our servers automatically collect information when you access or use our applications and services. This data is recorded in log files. Examples of such data include IP Address.
Subscription data: You provide personal data to us as part of signing up for our newsletter on our websites. We may also collect personal information from you when you use interactive features of the Websites, promotions, requesting customer support, or otherwise communicating with us.
Get in touch / Contact us data: When you enquire about our platforms and professional services, we collect and store this data to communicate with you and respond to your enquiry.
Job applicant’s data: When you submit your name, contact details and resume to apply for any job openings at Xerago
Customer Data will be used by Xerago in accordance with Customer’s instructions, including any applicable terms in the Customer Agreement and as required by applicable law. Xerago is a processor of Customer Data and Customer organization is the controller.
Other Data is used by us to provide our services, send our newsletters and to communicate with you by responding to your requests, comments and questions.
Xerago will not share your information with third parties except:
We have established lawful basis to process your personal data. We also use your consent as bases for lawfully processing your personal data.
We process your personal data only when we have a lawful basis. Presently, we use the Performance of Contract (i.e. to deliver the services to our customers) and consent as the lawful basis for processing. For certain processing, we may also use legitimate interests as provided under the Data Protection Regulations.
In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
Where you have consented to a particular processing, you have a right to withdraw the consent at any time.
We only process Customer Data on behalf of our customers and in accordance with their instructions provided in the applicable Services agreement with us. We use the data that we have about you to provide our services and provide support to you. In each case, Xerago processes such information only in so far as is necessary or appropriate to fulfil the purpose of the interaction with our services.
We may send you service related messages or marketing / promotional materials. You may choose to restrict the collection or use of your personal information
We will update you with improvements in our services, new features and from time to time also carry out direct marketing of our products and services. Direct marketing is carried out only if you consent to receiving such communications from us.
Xerago Website and Services do not knowingly collect personal information from users under the age of 16
If you are under the age of 16, you are not permitted to use our Website and Services or to disclose Personal Information. If we learn we have collected or received Personal Information from a child under 16, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us.
Customer Data – We retain your information for as long as you have an active Services account. We may also retain your personal information for extended period under applicable statutory laws.
Xerago will retain Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and as required by applicable law. When you decide to close your account, we delete all personal information about you.
You can request to access, update or correct your personal information. You also have the right to object to direct marketing.
You may have additional rights pursuant to your local law applicable to the processing. For example, if the processing of your personal information is subject to the EU General Data Protection Regulation (“GDPR”), and your personal information is processed based on legitimate interests, you have the right to object to the processing on grounds relating to your specific situation. Under GDPR you may also have the right to request to have your personal information deleted or restricted and ask for portability of your personal information.
Whenever you use our services, we aim to provide you easy means to access, modify, delete, object to or restrict use of your personal information
We strive to give you ways to access, update/modify your data quickly or to delete it unless we have to keep that information for legal purposes. These rights can be exercised by contacting us with your specific request.
Your data will be shared with other recipients in order to provide you with services.
While we aim to limit the sharing of your data, at times, it is necessary to share your data with certain service providers. Examples of when and for what purpose your data is shared include data center / hosting services, email services, etc.
The following categories of recipient will most likely receive your data in order for us to provide services to you
All information shared by users on Xerago.com website, blog, and email, are strictly confidential and are considered private exchange of information between the concerned parties. The only instance when we may share this information is if we are forced to do so, to be compliant with law. However, we do not anticipate that in the normal course of business at Xerago, such a requirement to legally share information will arise.
We never share, sell, or rent individual personal information with anyone for promotional or any other marketing use, without your advance permission, or unless ordered by a court of law. Information submitted to us is only available to employees managing this information for purposes of contacting you in the normal course of doing business between Xerago and yourself personally, or your employer organization.
Your data will be stored and processed in multiple countries including outside of the European Union (EU) Region
Since we are an international company, your data may be processed outside of the EU region. Some countries where we process data may not have as protective laws as your own country and there are risks associated with such transfer.
Xerago offers European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our Customers that operate in the European Union, and other international transfers of Customer Data. These clauses are contractual commitments between parties transferring personal data (for example, between Xerago and its customers, suppliers or data processors outside the EU), binding them to protect the privacy and security of the data.
We implement security controls to prevent breaches and unauthorised access to your data.
We maintain reasonable and appropriate security measures to protect Customer Data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
Examples of security measures include physical access controls, HTTPS, restricted access to data, monitoring for threats and vulnerabilities etc.
We also subject our services to internationally recognised certification and attestation standards. Details about our security measures are available at our Group website.
Our Sites and Services uses commercial efforts to maintain safeguards for protection of your Personal Information
Xerago takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.
If you have questions or complaints regarding this Policy, you may contact us through email at [email protected]. We will be replying to your query / complaints within 30 days of receipt of the same by email.
If you are a resident of the European Economic Area and we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you have additional rights. If you are not satisfied with the resolution, you can also lodge a complaint with the Supervisory Authority in the country of your residence.
To sum up, all user information is held sacrosanct and protected with the same amount of diligence with which we would protect our own information. We use strong security measures to protect against the loss, misuse and alteration of data used by our system.