This Policy is effective as of 1 June 2018.
Xchange Technology Group cares about your privacy. For this reason, Xchange Technology Group only uses Personal Data as needed to conduct business related to our products and services. Our privacy notice is intended to describe the information you provide us, and how we use and share that information. By using our websites or other Xchange Technology Group services, you agree to the practices as described in this Privacy Notice. We will indicate the date at the top of this Privacy Notice when it was last updated. We may change this Privacy Notice from time to time by posting updates to our website. An update will be effective for any website use after the date of update. We encourage you review this Privacy Notice from time to time for possible changes. Your use of our websites or services after an update constitutes your agreement to the update. In this Privacy Notice, the words “Xchange Technology Group”, “we”, “us”, “XTG”, and “our” refer to Xchange Technology Group LLC and its subsidiaries.
If at any time you have questions about our practices or any of your rights described below, you may reach us at privacy@xtgglobal.com. This inbox is actively monitored and managed by personnel trained in our policies, processing, and handling of Personal Data. You may also call us at 1.877.377.5227.
INFORMATION YOU PROVIDE US
We receive personal information from Site visitors who submit information directly, such as when inquiring about our products or services, placing an order, registering for an account, responding to a promotional offer, questionnaire or survey, registering to use Site features, registering for webinars and other events, or subscribing to a newsletter. That information typically includes name, title, address, phone number, fax number, e-mail address, and credit card information.
Xchange Technology Group may also record information about how individuals access the Site. This information is typically not personally identifiable and may include internet protocol (IP) addresses (or the DNS name associated with it) of the individual’s device, the websites the user visited immediately prior to and upon exiting this Site, and the browser software the individual is using to access the Site. This information is used in to administer our systems and the Site, and to make improvements to and protect the Site.
Xchange Technology Group may use cookies and other technologies on the Site to enhance or improve user experience, including customization of content. A cookie is usually text data that a website transfers to the individual’s browser from a web server that is stored on the individual’s device. Cookies can be utilized to help us provide you with information targeted to your interests, based upon your prior browsing on our Site. We may compile aggregate data about Site traffic and Site interactions in order to offer better Site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.
HOW WE USE IT
Xchange Technology Group believes and supports Personal Data minimization and limiting use to those processing activities for which permission was given. Xchange Technology Group uses the personal information you provide as necessary to deliver our products or services, respond to requests, deliver personalized content and product offerings, or as required for legal compliance or other lawful purposes. Xchange Technology Group uses your personal information to communicate with you via email, phone, or text messages and may send marketing materials if you chose to opt-in to marketing campaigns that you may also opt-out at any time. Xchange Technology Group takes reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete, and current.
Xchange Technology Group’ website may contain links to other sites that operate independently of Xchange Technology Group and are not under our control. We provide links to other websites solely for your convenience and information. Xchange Technology Group is not responsible for the content, security, or privacy practices employed by other sites.
INFORMATION WE SHARE
Xchange Technology Group may share information it collects from Site users with service providers who help us perform services such as managing communications and administering the Site. We permit our service providers to use personal information as needed to deliver services or comply with applicable laws and regulations. Xchange Technology Group enters into a contract with third-parties prior to sharing Personal Data to obtain assurances that the Agent will safeguard Personal Data consistent with Xchange Technology Group obligations. In limited cases, we may share information with other parties if appropriate to respond to your request or inquiry. We will share personal information in the event we sell or transfer all or a portion of our business assets, such as during a merger, acquisition, liquidation, or bankruptcy. We also may share personal information if we have a good faith belief that doing so is necessary to comply with law, respond to a legitimate request from law enforcement or other government body, to protect our interests or the health and safety of others, or to enforce our terms of use for this Site.
OUR USE OF GOOGLE
Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en
We have not enabled Google AdSense on our Site but we may do so in the future.
We use Google Analytics to measure and evaluate access to and traffic on the public area of the Site, and create user navigation reports for our Site administrators. Google operates independently from us and has its own privacy policy, which we strongly suggest you review. For more information, see Google Analytics Privacy and Data Sharing.
We take measures to protect the technical information collected by our use of Google Analytics. The data collected will only be used on a need to know basis to resolve technical issues, administer the Site and identify visitor preferences; but in this case, the data will be in non-identifiable form. We do not use any of this information to identify visitors or users.
YOUR CHOICES, ACCESS, CORRECTION AND DELETION
You may visit and browse our Site without providing any personal information, and you can always choose not to provide us with the personal information we request. However, choosing not to provide us with certain information that we request may prevent you from accessing or using certain portions of our Site.
We respect your privacy rights and provide you with reasonable access to the personal data that you may have provided through your use of the services. If you wish to access or amend any other personal data we hold about you, or to request that we delete any information about you that we have obtained from an integrated service, you may contact us by contacting your dedicated representative, emailing us at privacy@xtgglobal.com. At your request, we will have any reference to you deleted or blocked in our database. Ecommerce account holders may also log into your account to modify your information at any time. Email subscription preferences can be modified at any time by using the aforementioned contact methods.
If you would like to manage cookies used by this Site, the “help” section of the toolbar on most browsers will inform you on how to prevent your browser from accepting new cookies, how to have the browser notify you upon the receipt of a new cookie, or how to disable the use of cookies completely. However, if you configure your browser to decline cookies, certain features of our Site may not function correctly, and you may be required to renter any user IDs and passwords more frequently. Some browsers incorporate a “Do Not Track” feature that, when turned on, signals to websites and online services that you do not want to be tracked. We honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
It’s also important to note that we allow third party behavioral tracking.
SECURITY
Xchange Technology Group takes reasonable and appropriate measures to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved and the nature of the personal information.
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our Site as safe as possible.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal information.
All transactions are processed through a gateway provider and are not stored or processed on our servers.
E.U. GDPR (2016/679/EU) COMPLIANCE
For E.U. clients, IT Xchange complies with the EU General Data Protection Regulation as set forth by the European Union regarding the collection, use, and retention of personal data from the European Union member countries and Switzerland. IT Xchange has certified that it adheres to the requirements of notice, choice, onward transfer, security, data integrity, access and enforcement. IT Xchange is a data controller under the GDPR.
PRIVACY SHIELD
Xchange Technology Group complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union and Switzerland to the United States, respectively. Personal Data may include data relating to employees, customers, and business partners. Xchange Technology Group, operating as an employer, may also receive Human Resources data about employees of its affiliates in the EU or Switzerland. Xchange Technology Group has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there are any conflicts between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. Individuals can learn more about the Privacy Shield program, individual rights, and our participation in the program by visiting:
https://www.privacyshield.gov/
Xchange Technology Group acknowledges that it is subject to the jurisdiction of the Federal Trade Commission for compliance and enforcement of the Privacy Shield and Swiss Privacy Shield.
RECOURSE, ENFORCEMENT AND LIABILITY
In compliance with the Principles, Xchange Technology Group commits to resolve complaints about our collection or use of your Personal Data. European Union or Swiss individuals with inquiries or complaints regarding Xchange Technology Group’ Privacy Shield Privacy Policy should first contact Xchange Technology Group directly. Xchange Technology Group will respond to issues and complaints within 45 days of receipt. Xchange Technology Group encourages interested persons to raise any concerns about the collection, use, or Processing of Personal Data using the contact information provided. In the event of a privacy related issue or complaint, Xchange Technology Group will investigate and attempt to promptly resolve any complaints and disputes regarding use and disclosure of Personal Data in accordance with the Principles.
To contact Xchange Technology Group for Privacy Shield-related issues, please use one of the contact methods below:
Email Xchange Technology Group at privacy@xtgglobal.com
Call Xchange Technology Group at +1 919-544-9828
For complaints that cannot be resolved, Xchange Technology Group commits to cooperate with the panel established by the EU data protection authorities (DPAs) or the Swiss Federal Data Protection and Information Commissioner (FDPIC), as applicable, and comply with the advice given by the panel or Commissioner about Personal Data transferred from the EU or Switzerland. In order to facilitate the handling of complaints, individuals in the EU can choose to contact their national DPA or use the form located at this link:
http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
Individuals in Switzerland can contact the Swiss Information Commissioner by visiting this link:
https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
This independent dispute resolution process is provided at no cost to the individual. Under certain conditions an individual may choose to invoke binding arbitration to resolve any residual complaints not resolved by Xchange Technology Group or the DPAs or FDPIC, as appropriate. If an individual formally invokes binding arbitration, Xchange Technology Group will follow the terms set forth in Annex 1 of the Privacy Shield Framework. For more information on binding arbitration visit https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
CALIFORNIA ONLINE PRIVACY PROTECTION ACT
CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require a person or company in the United States (and conceivably the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. – See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf
According to CalOPPA we agree to the following:
· Users can visit our Site anonymously
· Once this privacy policy is created, we will add a link to it on our home page, or as a minimum on the first significant page after entering our website.
· Our Privacy Policy link includes the word ‘Privacy’, and can be easily be found on the page specified above.
Users will be notified of any privacy policy changes:
· On our Privacy Policy Page
Users are able to change their personal information:
· By emailing us
· By calling us
· By logging in to their account
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under 13.
FAIR INFORMATION PRACTICES
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
We will notify the users via email
· Within 7 business days
We will notify the users via in Site notification
· Within 7 business days
We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that these individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.
CAN SPAM ACT
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
· Send information, respond to inquiries, and/or other requests or questions.
· Process orders and to send information and updates pertaining to orders
· We may also send you additional information related to your product and/or service.
· Market to our mailing list or continue to send emails to our clients after the original transaction has occurred
To be accordance with CANSPAM we agree to the following:
NOT use false, or misleading subjects or email addresses
Identify the message as an advertisement in some reasonable way
Include the physical address of our business or Site headquarters
Monitor third party email marketing services for compliance, if one is used.
Honor opt-out/unsubscribe requests quickly
Allow users to unsubscribe by using the link at the bottom of each email
If at any time you would like to unsubscribe from receiving future emails, you can follow the instructions at the bottom of each email
Definitions
For the purposes of the Privacy Notice, the following definitions shall apply:
“Agent or Processor” means any third-party Processing Personal Data on behalf of, and under the instruction of the Controller.
“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
“European Union” or “EU” means for the purposes of this Policy all countries within the European Economic Area (EEA).
“Personal Data” means data about an identified or identifiable individual that are within the scope of EU 2016/679 (“GDPR”), received by Xchange Technology Group in the United States from the European Union, and recorded in any form. It does not include personal information that has been anonymized or that is publicly available, that has not been combined with non-public personal information.
“Process,” “Processing,” “Processed” of Personal Data means any operation or set of operations which is performed upon Personal Data, whether by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
“Sensitive Personal Data” means Personal Data that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information that concerns health or sex life. In addition, Xchange Technology Group will treat as sensitive, any Personal Data received from a third party where that third party treats and identifies the information as sensitive via a Controller or Agent contract with Xchange Technology Group.
ABOUT XCHANGE TECHNOLOGY GROUP
Xchange Technology Group, established in 1996, is a worldwide leader in information technology and is made up of three affiliate companies – IT Xchange, Vernon Computer Source, and BlueRange Technology. Through this group of interdependent companies, we strive to become the world’s premier provider of flexible and cost-effective lifecycle management programs for IT assets.
