Privacy Policy
xBack is committed to
protecting your privacy.
Thank you for accessing
the xBack operated by xBack
Inc (“we,” “our,” or “us”). We respect your privacy and want to protect your
information. This Privacy Policy governs the xBack.io and their subdomains (the
“Sites”), applications, products, services, events, and any interactive
features and applications that reference this Privacy Policy. To the extent we
provide you notice with different or additional privacy policies or practices
(e.g., at the point of collection of your information), those additional terms
shall govern such data collection and use. This Privacy Policy also applies to
information we may collect from you while visiting our booth during an event,
accessing a white paper online, via telephone calls with our office, through
online payments, using our applications, services and
any products, or in any other instance when you contact us. If you voluntarily
provide your information in the course of using or
interacting with our Sites or apps, purchasing our products, or using our
services, we will take that as your consent to our collection, use, and
disclosure of your information in accordance with this Privacy Policy.
This Privacy Policy must be read in
conjunction with the xBack Terms of Service (the
“Terms”). Together, they form a legally binding agreement between you and xBack, so please read them carefully. Unless otherwise
stated, the capitalized terms in this Privacy Policy shall have the same
meaning given to them in the Terms.
This Privacy Policy does not apply
to any products, services, websites, or content that are offered by third parties
(“Third Party Services”), which are governed by their respective privacy
policies.
This Privacy Policy explains what
personal information we collect from you, why we collect it, under what
circumstances we may share it with third parties, how we protect your personal
information, and your privacy rights. Personal information means any
information relating to an identified or identifiable natural
person.
In addition, please review the
Sites’ Terms of Use, which govern your use of the Sites. By using our Sites,
you consent to this Privacy Policy and agree to the Terms of Use.
Table of Contents
What Information We Collect
Why We Collect Information
When We Share Information
Cookies
Location of Your Information
Data Security
Marketing Choices
xBack
as a Data Processor for EU/EEA and Switzerland Customers
Your GDPR Rights
Your California Privacy
Rights
Privacy of Children Online
Updating Personal
Information
Do Not Track Disclosures
(DNT)
Visitors to the Sites Outside of
the United States
Links to Other Websites
Information Retention
Questions/Changes in Privacy
Policy
-------------------------------------------------------------------
What Information We Collect
We collect personal information
from you in a variety of ways when you use our service and products. Below is a
list of personal information that we collect and the sources from which we
collect the information.
(a) Information You Provide to Us
In connection with the products and
services we provide, we may ask you to provide us with following categories of
personal information. Not all categories may be collected about every
individual:
• Personal identifiers (e.g. name, mailing address, email address, phone number)
• Characteristics of protected
classifications (e.g. gender, age, nationality)
• Commercial information (e.g. products or services purchased, purchase history)
• Internet or other electronic
network activity (e.g. browser, cookie ID or search
history)
• Geolocation data (e.g. latitude or longitude)
• Financial information (e.g. bank account numbers)
(b) General Browsing
In addition to information that you
choose to submit to us, we and our service providers automatically collect and
store certain information when you visit or interact with the Sites (“Usage
Information”). This Usage Information may be stored or accessed from your
personal computer, laptop, tablet, mobile phone or other device whenever you
visit or interact with our Sites. Usage Information may include:
• Your IP address, UDID or other unique identifier
• Your device functionality,
including browser, operating system, hardware, and mobile network information
• Internet, application, and
network activity, such as cookie IDs and browser visits
• Location information, such as
geo-location information
Why We Collect Information
We collect your personal
information to provide you with our products and services, such as to fulfill
your requests for services or to help us personalize our services and marketing
to you. We also collect your personal information to support our business
functions, such as customer service, recruiting, and legal functions. Below are
some ways in which we use your personal information:
• Registering and maintaining your
account
• Processing your order(s) and
providing you with customer service, including responding to your inquiries
regarding our products and services and/or communicating with you regarding
orders, purchases, and payments
• Complying with legal obligations,
including, for example, collecting address information for identity
verification for credit card billing
• Sending you marketing information
about xBack and our affiliates
• Sending you email communications
such as electronic newsletters about our products, Services, events, and
promotions
• Improving the effectiveness of
our Sites, marketing endeavors, and product and service offerings
• Identifying your product and
service preferences, providing personalized content and ads
and informing you of new or additional information, products and services that
may be of interest to you
• Allowing you to participate in
interactive discussions and public forums
• Helping us address problems with
and improve our Sites and our products and services
• Protecting the security and
integrity of the Sites
• Screening, identifying, and
evaluating candidates for positions
• For other internal business
purposes, and
• For purposes disclosed at the
time you provide your information or as otherwise set forth in this Privacy
Policy
When We Share Information
We share your personal information
with third parties, such as companies with whom we have marketing or other
relationships. We will not sell or rent your personal information for money.
Examples of when xBack shares your personal information include:
(a) Third Parties Providing
Services to xBack. We may use third party service
providers to perform certain services on behalf of us or the Sites, such as: (i) shipping products and ensuring delivery; (ii) processing
credit cards and/or electronic payments; (iii) assisting us in Sites
operations; (iv) managing a database of customer information; (v) hosting the
Sites; (vi) designing and/or operating the Sites’ features; (vii) tracking the
Sites’ activities and analytics; (viii) enabling us to send you special offers
or perform other administrative services; and (ix) other services designed to
assist us in maximizing our business potential. We may provide these vendors
with access to user information to carry out the services they are performing
for you or for us. We require our service providers to keep user information
secure. We do not allow our service providers to use or share user information
for any purpose other than providing services on our behalf.
(b) To Protect the Rights of xBack and Others. To the fullest extent permitted by
applicable law, we may also disclose your information if we believe in good
faith that doing so is necessary or appropriate to: (i)
protect or defend the rights, safety or property of xBack
or third parties (including through the enforcement of this Privacy Policy, our
Terms of Use, and other applicable agreements and policies); or (ii) comply
with legal and regulatory obligations (e.g., pursuant to law enforcement
inquiries, subpoenas, or court orders). To the fullest extent permitted by
applicable law, we have complete discretion in electing to make or not make
such disclosures, and to contest or not contest requests for such disclosures,
all without notice to you.
(c) Affiliates and Business
Transfer. We may share your information with our subsidiaries and affiliates.
As part of this sharing of information with our subsidiaries and affiliates,
this means that once you provide us with information, any one of our related
entities may use your information, including for marketing purposes, pursuant
to the terms of this Privacy Policy. We also reserve the right to disclose and
transfer all such information: (i) to a subsequent
owner, co-owner or operator of the Sites and/or our
services; or (ii) in connection with a merger, consolidation, restructuring,
the sale of substantially all of our interests and/or assets or other corporate
change, including during any due diligence process.
Cookies
Our Sites use certain tags, log
files, web beacons, and similar tracking technologies from third parties (collectively,
"cookies"), of which you should be aware. These mechanisms indirectly
or passively collect certain information about your use and interaction with
our Sites and when you use our services. For more information about how we use
cookies and your choices, please refer to our Cookies Policy.
Location of Your Information
xBack
is located in the United States, and our affiliated
companies are located throughout the world. Depending on the scope of your
interactions with our services, your personal information may be stored in or
accessed from multiple countries, including the United States. Whenever we
transfer personal information to other jurisdictions, we will ensure that the
information is transferred in accordance with this Privacy Policy and as
permitted by applicable data protection laws.
Data Security
xBack
is concerned with the security of the data we have collected and utilizes
reasonable measures to prevent unauthorized access to that information. These
measures include policies, procedures, employee training, physical access, and
technical elements relating to data access controls. In addition, xBack uses standard security protocols and mechanisms to
facilitate the exchange and transmission of sensitive data, such as credit card
information, and has procedures in place to deal with any data breach. We will
notify you and any applicable regulator of a data breach where we are legally
required to do so.
Please note that while we
incorporate commercially reasonable safeguards to help protect and secure your
personal information, no data transmission over the Internet, mobile networks,
wireless transmission, or electronic storage of information can be guaranteed
100% secure. As a result, xBack cannot guarantee or
warrant the security of any information you transmit to or from our Sites, and
you provide us with your information at your own risk. If you must transmit
confidential information to us for any reason, please contact us for
instructions for a secure file transfer protocol.
Marketing Choices
We may send you direct marketing
messages including by way of email alerts. If you no longer wish to receive our
email marketing or general information communications, to be part of a mailing
list, or to receive any marketing communications, you can opt-out of such
communications at any time by clicking on the unsubscribe link in the relevant
communication or contacting us at x@xBack.io.
xBack
as a Data Processor for EU/EEA and Switzerland Customers
When providing software as a
service (SaaS), xBack may process personal data
controlled by its customers or customers of xBack entities
located in the European Union/European Economic Area (“EU/EEA”). xBack does not determine or have knowledge of the types of
data stored by customers or how that data is accessed, exchanged, processed, or
the classification of that data. xBack customers are
the data controllers of such personal data and are responsible for compliance
with applicable data protection laws. xBack processes
data as a data processor at the direction of its customers in accordance with
the terms of the MSA.
The provision of SaaS may, at the
direction of the customer, include the transfer by the customer of its
customers’ personal data outside of the EEA to jurisdictions which may not
provide the same level of legal protection as in the EEA. The customer is responsible
for ensuring that it has all necessary consents and agreements in place with
data subjects for international transfers of personal data that it directs as
part of its receipt of IaaS.
The terms “personal data,”
“process,” “data controller,” “data processor,” and “data subject” have the
meanings given to them in the EU General Data Protection Regulation (“GDPR”).
On occasion, employees of xBack may have temporary access to customer content in
connection with providing maintenance or support services to you. This access
will only be accomplished by way of your explicit permission and instructions
(as the controller of the customer content) and only for so long as the
employee is providing services to you. As a processor, xBack
will not access the customer content for any purpose beyond providing you with
support as described above and will not disclose it to any person or
entity.
Your GDPR Rights
If you are in the EEA, you have the
following rights, which can be exercised free of charge:
• Access. You have the right to
request a copy of the personal information that we are processing about you. If
you require additional copies, we may need to charge a reasonable fee
• Rectification. You have the right
to require the correction of any mistake in the personal information, whether
incomplete or inaccurate, that we hold about you
• Deletion. You have the right to
require the erasure of personal information concerning you in certain
situations, such as where we no longer need it or if you withdraw your consent
(where applicable)
• Portability. You have the right
to receive the personal information concerning you that you have provided to
us, in a structured, commonly used, and machine-readable format and have the
right to transmit that data to a third party in certain situations
• Objection. You have the right to
(i) object at any time to the processing of your
personal information for direct marketing purposes and (ii) object to our
processing of your personal information where the legal ground of such
processing is necessary for legitimate interests pursued by us or by a third
party. We will then abide by your request unless we can demonstrate compelling
legal grounds for the processing
• Restriction. You have the right to
request that we restrict our processing of your personal information in certain
circumstances, such as when you contest the accuracy of that personal
information
• Withdrawal of consent. If we rely
on your consent (or explicit consent) as our legal basis for processing your
personal information, you have the right to withdraw that consent at any time.
"Explicit consent" would be required if the xBack
relies on consent as the condition to lawfully process "special categories
of personal data," as defined in the GDPR
Please note that some of these
rights may be limited where we have an overriding interest or legal obligation
to continue to process your personal information or where data may be exempt
from disclosure due to professional secrecy obligations.
If you are in the EEA and would
like to exercise any of these rights, please:
• Submit a request by using our
GDPR Data Subject Rights Form.
-OR-
• Email us at x@xBack.io
• Provide enough information to
identify yourself (e.g., name, email address, etc.)
• Provide proof of your identity
and address (e.g. a copy of your driver’s license or
passport and a recent utility or credit card bill) and
• Provide the information to which
your request relates
Your California Privacy Rights
If you are a California resident,
you may make certain requests to xBack regarding your
personal information. We will fulfill each of your requests to the extent required
by California law.
You can ask us to:
(1) Provide a copy of your personal
information, or categories of personal information
(2) Delete your personal
information
(3) Stop selling your personal
information
We do not share your personal
information for money. We do share personal information with our affiliated
entities and certain third parties, which may be considered a “sale” under
California law even if we do not receive money in exchange for the information.
We do not knowingly sell the personal information of minors under the age of
16.
We will not discriminate against
you for exercising your rights. This means we will not deny you products or
services, charge different prices or rates, provide a different level of service
or quality of products, or suggest that you might receive a different price or
level of quality for products or services. Please know, if you ask us to delete
or stop selling your data, it may impact your experience with us.
To make your request, please use
our CCPA Privacy Request Form. Or you can email your request to x@xBack.io with
“California Privacy Rights” as the subject line. You must include your full
name, email address, phone number, and postal address in your request for us to
verify your identity.
Privacy of Children Online
Our Sites and Services are not
directed to children under the age of 13 and do not knowingly collect personal
information from children under the age of 13. Please contact us at x@xBack.io
if you have concerns regarding the potential collection of your child’s
information.
Updating Personal Information
We strive to keep your personal
information accurate and up to date. If you would like to update your personal
information, you can accomplish it in the following ways:
• If you have created an account on
our Sites, log into your account. Once you do, you will be able to enter and
update your own contact information.
• Contact us at x@xBack.io. We will
use good faith efforts to make requested changes in our then active databases
as soon as reasonably practicable (but we may retain prior information as
business records). Please note that it is not always possible to completely
remove or delete all your information from our databases and that residual data
may remain on backup media or for other reasons, such as a legitimate business
reason.
Do Not Track Disclosures (DNT)
Various browsers (including
Internet Explorer, Firefox, and Safari) offer a DNT option that relies on a
technology known as a DNT header that sends a signal to websites visited by the
browser user about the user's DNT preference. You can usually access your
browser's DNT option in your browser's preferences. xBack
currently does not respond to DNT signals in browsers because no DNT standard
has been adopted by the industry.
Visitors to the Sites Outside of
the United States
If you are visiting the Sites from
a location outside of the United States, your connection will be through and to
servers located in the United States. All information you receive from the
Sites will be created on servers located in the United States. Information you
provide through the Sites may be maintained on our web servers and systems
located within the United States, or on our service providers’ servers and
systems in other countries, including countries outside the European Economic
Area (EEA). The data protection laws in the United States or other countries
may differ from those of the country in which you are located, and your information
may be subject to access requests from governments, courts, or law enforcement
in the relevant countries according to local laws. By using the Sites or
providing us with any information, you consent to the transfer to, and
processing, usage, sharing and storage of your information in the United States
and in other countries, as set forth in this Privacy Policy.
Links to Other Websites
For your convenience, the Sites may
contain links to other websites. xBack is not
responsible for the privacy practices, advertising, products, services, or the
contents of such other websites. None of the links on the Sites should be
deemed to imply that xBack endorses or has any
affiliation with the links.
Information Retention
We will retain your personal
information for as long as necessary for the purposes for which that
information was collected as set out in this Privacy Policy or for longer as
required under any applicable legal, regulatory, accounting, or reporting
requirements. Should you opt out or no longer wish to receive marketing
messages from us, we will securely delete your personal information from the
relevant mailing list(s).
Questions / Changes in Privacy
Policy
If you have questions or concerns
with respect to our Privacy Policy, you can contact us at x@xBack.io.
Please check our Privacy Policy
periodically for changes. All the changes will become effective on the date
posted. If you are concerned about how your personal information is used,
please visit our Sites often for this and other important announcements and
updates.