Statement Regarding Our Internet Collection of Information
Exchange Analytics Inc. (Exchange Analytics) uses its best efforts to respect the privacy of its customers and visitors to its websites. Personal information, such as email addresses and other volunteered information, are kept confidential.
COOKIES AND GOOGLE ANALYTICS
As with most websites, xanalytics.com and xatraining.com use small pieces of code called “cookies” to log certain information from each visitor. We log which files and pages are being accessed and the time of day. This information is used to help measure traffic to different parts of our websites, improve our content and prevent malicious activity. Cookies are used as part of this process. This data is not personal to you and is gathered only on an aggregated basis.
This data is primarily used to optimize our websites for our visitors; however, we may use this data for internal marketing purposes. An example of how this data could be used for marketing purposes would be to tell potential advertisers how many visitors we get to the website, where our visitors come from, and how they arrive at our websites
WHY WE COLLECT YOUR PERSONAL INFORMATION
We gather your personal information so we can:
- contact you and fulfill our obligations as a service provider
- process your transactions, such as registration for course, and fulfill your purchase requests;
- manage billing processes;
- provide account servicing;
- offer you other related products and services;
- support legal compliance obligations.
WHAT PERSONAL INFORMATION WE COLLECT AND HOW WE COLLECT IT
During the course of our relationship, we collect personal information when you request a product or service from us. We may ask you to provide the following types of personal or business information: your name, address, title, firm, email, phone and mobile phone numbers; credit and financially related information that Exchange Analytics receives as payment for products and online courses. We also collect credit card or wire information if the transaction requires it. For a compliance course that satisfies a regulatory requirement, an employee ID, social security number (or part thereof) and/or birth date may be collected if requested by the client, which is used solely to verify your participation in the course to regulatory bodies or agencies.
Exchange Analytics limits the collection of data to that which is necessary, and will only use personal data for the legitimate purpose for which the personal data is collected. Upon request, Exchange Analytics will delete or transfer any personal data. In that event, however, Exchange Analytics may no longer be able to provide regulatory authorities with records pertaining to training accomplished.
LIMITATION OF DATA USE
Exchange Analytics will not collect, process or use personal data beyond the legitimate purpose for which that data is collected.
CONFIDENTIALITY AND SECURITY
Within Exchange Analytics, we restrict access to your personal information to those employees who need to know that information. We have established physical, technical and administrative security processes that are commensurate with the sensitivity of the information collected to safeguard your information. Recognizing that technology is continually developing, Exchange Analytics may implement new procedures and technology improvements on an ongoing basis to further safeguard your personal information.
Enryption of personal data and data transfers
All personal data is encrypted at rest. Additionally, all personal data in transit is encrypted using SSL.
Ongoing confidentiality, integrity, availability and resilience of exchange analytics’ systems and data processing services
Exchange Analytics assesses on an ongoing basis the integrity, security, availability and resilience of its systems and services.
Restoration and access to data in a timely manner
All data is stored using “cloud servers” in an encrypted state, and all data is backed up by using mirrored service centers. Exchange Analytics is confident that all data will be available in a timely manner in the event of a physical or technical incident.
Regular testing, assessment and evaluation of exchange analytics’ information security procedures
Periodically Exchange Analytics conducts an internal review, which looks at the effectiveness of its technical and organization measures to ensure the security of personal data.
Data protection officer
Exchange Analytics has a Data Protection Officer, who is responsible for advising the company about compliance with information security requirements.
Awareness and training
Exchange Analytics is committed to operate as a trusted steward of personal data. All employees must annually complete training on Cybersecurity and Identity Theft Prevention.
WHAT INFORMATION WE DISCLOSE
Your personal information is primarily disclosed only to Exchange Analytics.
We may also disclose your personal information to third parties in the normal course of business, including but not limited to: (i) payment networks, and the members of such networks; (ii) electronic funds transfer networks; (iii) clearing and settlement banks; (iv) service companies that perform business operations for Exchange Analytics, including but not limited to account statement preparation and mailing services; (v) courts, independent auditors, law enforcement agencies and other governmental authorities, regulatory bodies or agencies in response to subpoenas, to prevent fraud, during the course of an audit or examination or as required by law; and (vi) collection agencies, credit reporting agencies, business credit bureaus or other parties associated in collecting any debt owed to us.
Service companies also are prohibited from using personal information for any reason other than to provide the specific products or services intended. Exchange Analytics reserves the right to transfer personal information in connection with the sale of all or part of its business or assets.
LAWFUL, FAIR AND TRANSPARENT PROCESSSING
All data processing is for a legitimate purpose. For regulatory purposes, Exchange Analytics retains certain information pertaining to persons who access our system. Exchange Analytics collects the minimum data needed in order to report and retain training records, which primarily include only name, email address and firm affiliation. In certain cases a company may request we collect other data used to identify an individual (such as an employee ID, social security number (or part thereof) and/or birth date), but this must be requested by the client.
Access to data
Designated personnel have access to personal data stored by Exchange Analytics. Additionally relevant client designated administrators may be granted access to personal data pertaining to the client’s employees. In some cases third-party vendors of Exchange Analytics (such as IT consultants) may need to access this data, however in all cases they will be required to comply with internal Exchange Analytics Information Security Policies and Procedures. You have the right to receive from Exchange Analytics confirmation on whether your personal data has been processed or whether Exchange Analytics holds your personal data. Upon request, Exchange Analytics will provide you with the personal data that Exchange Analytics has regarding you.
Exchange Analytics will maintain a Personal Data Breach Register and, based on severity, will notify appropriate regulatory bodies and data subjects within 72 hours of identifying a breach.
RIGHTS AND MODIFICATIONS
Exchange Analytics respects your rights as a data subject.
Transparency, information and answers to requests: Exchange Analytics adheres to the principle of transparency in processing. For any questions regarding this policy you may contact us at firstname.lastname@example.org. We will respond without undue delay and in any case within one week upon receipt of the request.
Access: You have the right to receive from Exchange Analytics confirmation on whether your personal data has been processed or whether Exchange Analytics holds your personal data. Upon request, Exchange Analytics will provide you with the personal data that Exchange Analytics has regarding you.
Rectification: You have the right to require the rectification of inaccurate data relating to you without undue delay, as well as incomplete data if necessary for processing. If you have an account on our learning system, you can update your account data directly through your profile by selecting “My account” from the options menu at the top of the screen.
Erasure: You have the right to ask for the erasure of personal data concerning you without undue delay. Exchange Analytics will not proceed with the erasure of personal data if the data must be maintained for a legal obligation or in cases where the processing is required for the establishment, exercise or defense of legal claims.
Restriction of processing: You have the right to request restriction of processing if the accuracy of personal data is disputed, for that period of time that allows Exchange Analytics to verify the accuracy of personal data or based on any other legitimate reason specified in applicable Data Protection Laws.
Data Portability: If technically feasible, you have the right to receive your personal data in a structured, commonly used and machine-readable fashion as well as the right to request the direct transmission of personal data by Exchange Analytics to another party.
Right to Object: If you receive promotional emails, you can remove yourself from the recipients list by selecting the “unsubscribe” link within the email content.
Complaint to Supervisory Authority: You have the right to lodge a complaint with a supervisory authority, in particular in the country of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes Data Privacy Laws.
Your choice to use our websites, purchase or enroll in our web-delivered educational courses or products, and/or to allow the downloading of cookies via your browser constitute consent to this policy and consent to the use of your information as described.
Besides strengthening and standardizing user data privacy across the EU nations, GDPR imposes new or additional obligations on all organizations that handle EU citizens’ personal data, regardless of where the organizations themselves are located.