Exeevo and Privacy
Exeevo Inc. is committed to the individual’s right to privacy. This Privacy Statement applies to all Affiliates, Websites, and Services owned and operated by Exeevo and describes our privacy practices for how we collect, use, share, and process information relating to individuals (“Personal Data”) and how you can learn about your rights and choices regarding our processing of your Personal Data. As a global organization, we abide by all applicable data privacy laws, such as the California Consumer Privacy Act (“CCPA”), the European Union’s General Data Protection Regulation (“GDPR”), the US Health Insurance Portability and Accountability Act (“HIPAA”) and Brazil’s Lei Geral de Proteção de Dados (“LGPD”). Each of these laws focuses on transparency and trust.
1. INTRODUCTION
Exeevo and its clients value the protection of personal data, protected health information (PHI), and personally identifiable information (PII).
Exeevo has established this Data Privacy Policy to protect and control the collection, processing, storage, and/or transmission of such data.
This policy is intended to be shared with our clients, vendors, business associates, and employees so that they are aware of the policies and practices with respect to personal data/PHI/PII managed by Exeevo as part of any services delivered.
2. DATA PRIVACY POLICY
Exeevo is committed to protecting personal information in accordance with its responsibilities under various regulatory frameworks and individual rights. As a healthcare solutions company, Exeevo’s leadership, management, employees and its business associates shall strive to protect personal information by:
- Identifying internal and external interested parties and the extent to which they are involved in the governance of the organization’s personal information management system
- Providing best-in-class resources and methods to process personal information lawfully, fairly and in a transparent manner in relation to the rights of data principles or data subjects
- Safeguarding the personal information by collecting, processing, storing and transmitting in forms that permit identification of individuals for nothing other than explicit, specified purposes
- Providing clear information to natural persons (including special safeguards while collecting information from children) about how their personal information can be used and by whom; and by respecting individual’s rights in relation to their personal information
- Assuring that further processing or archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes shall not be considered to be incompatible with the initial purposes
- Processing in a secure manner that ensures protection against unauthorized or unlawful processing and against accidental loss, destruction or damage
- Taking adequate steps to establish that the personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
- Taking reasonable steps to ensure accuracy of the personal information
- Following best practices for safe data storage, transmission and destruction
- Implementing appropriate backup and disaster recovery systems
- Responding to personal data breaches in the most appropriate and fastest manner possible: In the events such as accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data, Exeevo shall promptly assess the risk to individual’s rights and freedoms and report such breach to the Data Protection Cell (Refer to section 5:Governance Structure for Personal Data Protection) for taking further actions as per the regulatory requirements
General Provisions to This Policy:
- Applicability: This policy is applicable to all personal information processed at Exeevo.
- Ongoing Compliance: The Data Protection Cell shall be responsible for Exeevo’s compliance with this policy.
- Cognizance: This policy shall be made available to all Exeevo employees and associates as documented information and communicated appropriately. It shall also be effectively communicated to all of Exeevo’s employees, its associates, and interested parties. Review: This policy shall be reviewed at least once annually.
3. SCOPE
- This policy applies to all personal data/PII and PHI processed by Exeevo.
- This policy would be relevant to all applicable services or projects managed for Exeevo’s clients.
4. DEFINITIONS
Terms
Definition
Business Associate Agreement
Refers to the agreement between the business associate (Exeevo) and the covered entity.
Business Unit (BU)
Refers to different departments in Exeevo.
Covered Entity
Refers to an organization that routinely handles personal information, PII, and PHI.
Data Protection Officer (DPO)
Refers to the person heading all data privacy-related programmes and initiatives within the organization.
Engagement
This refers to the project, program, or engagement conducted or performed by Exeevo on behalf of its clients or covered entity.
Electronic Protected Health Information (EPHI)
Refers to all individually identifiable health information that is created, maintained or transmitted electronically.
General Data Protection Regulation (GDPR)/(EU) 2016/679
Legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).
Health Insurance Portability and Accountability Act (HIPAA)
Act of 1996 specifies laws for the protection and use of personal (or protected) health information (PHI), which is essentially an individual’s medical records.
Personal identifiable information (PII)
Refers to any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered as PII. Any information about an individual’s identity, such as their name, social security number, date and place of birth, mother’s maiden name, and biometric records, can be considered as PII.
PII also can constitute “PHI” under HIPAA Act of 1996.
Privacy Rule
This refers to the part of the HIPAA rule that addresses the saving, accessing, and sharing of an individual’s medical and personal information, including a patient’s right to access.
PHI
Refers to any information that identifies an individual AND relates to:
- The individual’s past, present or future physical or mental health; OR
- The provision of healthcare to the individual; OR
- The past, present or future payment for healthcare.
Privacy Single Point of Contact (SPOC)
Refers to the person monitoring the personal data/PII/PHI management under each BU.
Security Rule
Refers to the part of the HIPAA rule that outlines national security standards intended to protect health data created, received, maintained or transmitted electronically.
SPOC
Refers to the single point of contact/point persons.
Online Channel
A preselected website that can automatically send updated information for immediate display or view on request.
Special categories of personal information
The following types of data are categorized as special categories of personal information:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade-union membership
- The processing of genetic information
- Biometric information for the purpose of uniquely identifying a natural person
- Information concerning health or information concerning a natural person’s sex life or sexual orientation.
High-risk personal information
The following types of data are categorized as high-risk personal information:
- Special category personal information
- Personal bank account and other financial information;
- National identifiers, such as national insurance numbers;
- Personal information relating to vulnerable adults and children;
- Detailed profiles of natural persons (including children); and
- Sensitive negotiations which could adversely affect natural persons.
5. GOVERNANCE STRUCTURE FOR PERSONAL DATA PROTECTION
Data Privacy Cell
Exeevo shall ensure appropriate governance of personal data/PII/PHI. In pursuance of this objective, a personal data privacy cell has been structured as shown below:
The data privacy cell consists of DPO and all the BU-SPOCs.
- To identify personal data/PII/PHI under all operations and projects across Exeevo
- To analyze risks and implement control measures to protect personal data/PII/PHI
- To provide a support framework to manage the rights of data subjects
- To address requests and grievances of data subjects
- To ensure compliance with the data privacy requirements of data controllers
- To ensure compliance with various legal and regulatory requirements across jurisdictions
- To provide adequate measures for data privacy with processors/subprocessors as required
- To provide for appropriate technology and operational controls for transfer/import / export/storage / destruction of personal data / PII / PHI
The summary of data privacy governance proceedings shall be discussed in the quarterly Information Security Group review meeting.
6. SOURCES OF PERSONAL DATA/PII/PHI
The methods and technologies by which the personal data/PII/PHI are collected are as follows:
Collection of Personal Data/PII/PHI Directly From the Individual
When Exeevo collects personal data/PII/PHI about an individual, measures shall be taken to respect the individual’s privacy preferences.
Engagements/Programmes/Projects
Personal data/PII/PHI is collected from participants in an engagement who access Exeevo websites, portals, platforms, etc. We may collect additional information relating to an individual’s participation in Exeevo programmes. Please note that we also collect personal data/PII/PHI relating to an individual at the time of enrolling in an Exeevo programme, as well as in the course of allocating and issuing a unique ID and password to access the Exeevo websites, portals, platforms, etc.
Automatic Collection of Information
When an individual visits an Exeevo website, we automatically collect and analyze certain information about the individual’s computer. This information includes, but may not be limited to the Internet Protocol (IP) address used to connect the individual’s computer to the Internet, information about the browser type and language, the date and time the individual accessed the website, the content of any undeleted cookies that the browser previously accepted from Exeevo and the referring website address.
Cookies and Other Technologies
We use various technologies to collect information on an Exeevo website. Cookies: When an individual visits an Exeevo website, we may assign the computer one or more “cookies.” A cookie is a small text file that contains information that Exeevo can later read to facilitate access to the site and personalize the online experience. For example, when an individual signs into an Exeevo site, we may record his/her user ID in a cookie file on the individual’s computer. In addition, through the use of a cookie, we may automatically collect information about the online activity on the Exeevo site, such as the web pages visited, the links clicked, and the searches conducted. Most browsers automatically accept cookies; however, an individual can usually modify the browser setting to decline cookies by visiting the Help section of the browser’s toolbar. If an individual chooses to decline cookies, please note that he/she may not be able to sign in or use some of the interactive features offered on Exeevo websites.
Other technologies: Exeevo may use standard Internet technology, such as Web beacons (also called clear GIFs or Pixel tags) and similar technologies to deliver or communicate with cookies and track usage of Exeevo sites. We may also include Web beacons in e-mail messages or newsletters to determine whether messages have been opened and acted upon. The information we obtain in this manner enables us to customize the services we offer and measure the overall effectiveness of our online content, advertising campaigns, and the products and services offered through the website. Also, we use cookies to provide social media features, and to analyze our traffic.
7. MANAGING DATA PRIVACY RIGHTS IN PROJECTS
The scope of business at Exeevo does not require us to disclose personal data/PII/PHI to parties outside the designated programme area except for legal and statutory obligations.
Before the initiation of a project, we ensure that:
- The business SPOC is communicated regarding the project/programme
- Contract-specific clauses for the project/programme are reviewed and monitored
- Risk analysis and treatment is carried out for the complete programme/project and contingency and mitigation is put in place
- Each and every member of the programme/project shall be responsible to ensure the PII/PHI is kept confidential
- Access to the entire or limited PII/PHI, based on their role in the engagement should be restricted
- We recognize the covered entities that are to be provided access to the PII/PHI in a de-identified format
- Any third parties who have access to the PII/PHI comply with Exeevo’s policies and give proof of compliance
- The respective privacy SPOC of the team should provide reports to the DPO on updates, problems, and breaches with regard to PII/PHI
- The BU SPOC ensures that all the team members are trained with information of do’s and don’ts of the data
8. MANAGING DATA PRIVACY RIGHTS FOR PERSONAL DATA/PII/PHI COLLECTED FROM WEBSITES AND OTHER ONLINE CHANNELS
In general, any individual may access Exeevo websites or online channels without providing any personal information about themselves. However, we collect certain information such as:
- Information that is provided via our websites, including information provided when an individual registers on our website, for example, name, email address, designation, company, country, and telephone number
- Information about an individual’s computer, visits and the use of Exeevo websites, such as IP address, demographics, computer’s operating system, and browser type and information collected via cookies.
Use of Personal Information
We may use the personal information we obtain to:
- Provide and administer our products and services
- Communicate about and administer our products, services, events, programmes and promotions (such as by sending alerts, promotional materials, newsletters and other marketing communications)
- Conduct and facilitate surveys, sweepstakes, focus groups and market research initiatives
- Perform data analytics (such as market research, trend analysis, financial analysis and customer segmentation)
- Provide customer support
- Process, evaluate and respond to requests, inquiries and applications
- Operate, evaluate and improve our business (such as by administering, enhancing and improving our products and services; developing new products, services and online channels; managing our communications and customer relationships; and performing accounting, auditing, billing, reconciliation and collection activities)
- Conduct investigations and comply with and enforce applicable legal requirements, relevant industry standards, contractual obligations and our policies and terms (such as this Privacy Policy and other online channels terms of use)
- Maintain and enhance the safety and security of our products, services, online channels, network services, information resources and employees
We may combine personal information we obtain through online channels with information we obtain through offline channels, as well as other information, for the purposes described above. We may anonymize or aggregate personal information and use it for the purposes described above and for other purposes to the extent permitted by applicable law. We also may use personal information that we identified at the time of collection for additional purposes. We obtain the individual’s/data subject’s consent for these additional uses to the extent required by applicable law.
Consequences of Not Providing Personal Data/PII/PHI
If an individual or data subject chooses not to provide the personal information required to process a request, Exeevo may not be able to provide the corresponding service.
9. PURPOSES FOR WHICH WE PROCESS PERSONAL DATA AND THE LEGAL BASIS
The purposes are programme/project specific. However, the common purposes are mentioned as follows:
- We process personal data/PII/PHI when necessary for the performance of a contract to which the individuals/data subjects are parties or to take steps at a request prior to entering into a contract. This applies in any case where we provide services to a client in pursuance of a contract, such as when an individual/data subject uses our website or registers on the websites/online channels.
- We process the personal data/PII/PHI when it is necessary for the purposes of a legitimate interest pursued by us or a third party (when these interests are not overridden by the data protection rights and regulatory obligations). This applies in the following circumstances:
- To identify the individuals/data subjects
- To contact and respond to the individual’s questions or requests
- To provide access to desirable content and/or services based on preferences/contractual obligations
Sharing of Personal Data/PII/PHI
In general, our clients are the data controllers responsible for processing personal data/PII/PHI.
Transfer of Personal Data/PII/PHI Outside the European Economic Area (EEA)
We transfer personal information to countries outside the EEA (generally referred to as third countries) only if included in our contractual agreement that we have signed with the client, including to countries that have different data protection standards to those that apply in the EEA. Our service providers are primarily located in the United States, Singapore, India and the United Kingdom. Where service providers process personal data/PII/PHI in countries deemed adequate by the European Commission, we rely on the European Commission’s decision to protect personal information.
For transfers to Exeevo group companies and service providers outside the EEA, we use standard contractual clauses or rely on a service provider’s Privacy Shield certification or a service provider’s (EU Data Protection Authority approved) corporate rules that are in place to protect the personal data/PII/PHI.
When required, Exeevo discloses personal data/PII/PHI to external law enforcement bodies or regulatory authorities to comply with legal obligations
Access, Correction, Objection With Regard to Personal Data/PII/PHI
Data subjects have the rights to request access to correct, delete or transfer personal data/PII/PHI that we hold, including profile and preferences. Data subjects also have the right to object to certain processing and, where our client or we have asked for consent to process the personal data/PII/PHI, to withdraw this consent.
Where we process the personal data/PII/PHI because we have a legitimate interest in doing so, data subjects also have a right to object to this. These rights may be limited in some situations, for example, where we can demonstrate that we have a legal requirement to process the personal data/PII/PHI.
Data subjects can assert their rights where such information is provided by contacting us at privacy@exeevo.com.
United States residents can contact us at the below-mentioned address and phone number as well
Exeevo, Inc. Office Address: 600 Third Avenue, 2nd Floor, New York, NEW YORK, 10016
Board line Number: +1 (646) 905-0586
Data Security
Exeevo adopts reasonable and appropriate security practices and procedures, including administrative, physical security, and technical controls to safeguard personal information.
We take precautions, including organizational, technical, and physical measures to help safeguard against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, the personal data/PII/PHI we process or use.
Data Retention and Destruction
Exeevo will retain the personal data/PII/PHI as per the project/programme agreement. On the completion of the agreed period, the data shall be archived/destroyed/transmitted to the client according to the regulatory norms.
If the client wishes to retain the personal data/PII/PHI, the client’s employee identified in the statement of work or service agreement should request for the data in writing. Exeevo will provide the data in the prescribed format.
Reference document: Sections 6.5 and 8 of Exeevo Information SOP For Exeevo Information Lifecycle Document.
Children’s Personal Information
We do not knowingly collect personal data/PII/PHI from children under the age of 16. If the parents or guardians believe that their child/ward has provided us with personal data without their consent, such parents or guardians can contact us at info@exeevo.com, and we will take steps to delete such personal data/PII/PHI from our systems
Restrictions on Automated Processing and Decision Making With Significant Effects on the Data Subject(s)
Restrictions on automated data processing and decisions based solely on automated processing without human intervention (which could include profiling) shall apply if the decisions produce legal effects or similar significant effects on the data subject. Individuals have a right to object to automated decision-making.
-Automated processing of data may be used if it is:
-Necessary to enter into, or to perform, a contract between a data subject and controller
-Authorized by Union or Member State law
-Based on the individual’s explicit consent
10. REFERENCES
Exeevo Data Breach Notification procedure
BS 10012:2017 Standard (specification for Personal Information Management System)
HIPAA_Privacy Rule
GDPR ([EU] 2016/679)
California Consumer Privacy Act, AB-375 (2017–2018 Session)
11. APPENDIX-1 RESPONSIBILITIES OF KEY STAKEHOLDERS
Exeevo DPO shall be responsible for the development and implementation of policies and procedures that are designed to achieve ongoing compliance with global laws with regard to PII/PHI. The responsibilities of a DPO are as follows:
- Establishing data privacy and data protection objectives
- Approval and periodic reviewing of the Data Privacy Policy
- Designating data privacy point persons (SPOCs) for every BU
- Ensuring adequacy of the data privacy/data protection framework across the enterprise
Responsibilities of Data Privacy SPOCs (BU)
The point persons/SPOCs shall be responsible for data privacy/protection for the respective BUs that they are assigned with. The responsibilities include:
- Performance of risk assessment before the onboarding of a project or an engagement on the personal data/PII/PHI collected, maintained, used, stored or transmitted, based on GDPR, HIPAA and other applicable data protection regulations
- Determination of the physical, administrative, operational and technical controls that may be necessary to adequately address the identified risks, based on the risk assessment
- Implementation of controls after onboarding the engagement/project as defined in the risk assessment documentation
- Maintenance of engagement-specific risk assessment documentation
- Ensuring that the proposals, master services agreements, statements of work, work orders and change requests adhere to the terms of this Data Privacy Policy
- Monitoring for adherence with approved and permitted methods of collection, processing, storage and transmission of personal data/PII/PHI
- Directing an individual’s/data subject’s rights-related requests to privacy@exeevo.com
Contact Information in Case of Questions, Concerns or Complaints
Questions, concerns, or complaints about Exeevo’s personal data practices or this Data Privacy Policy may be addressed to the DPO. Email privacy@exeevo.com.
If an individual or a data subject is believed to have suffered harm due to a breach of data privacy rights by Exeevo under this Data Privacy Policy, and Exeevo has not handled the complaint in a satisfactory manner, any EU resident may also file a complaint with the concerned supervisory authority.
Exeevo and CCPA
This section supplements the information contained in our Privacy Policy and applies to all Consumers residing in the state of California according to “The California Consumer Privacy Act of 2018” (California Civil Code §§ 1798.100 to 1798.199) and its implementing regulations, as amended or superseded from time to time (“CCPA”) and is effective upon the date that the CCPA enters into operation. Consumers are referred to below as “you”, “your”, “yours”, and, for such Consumers, these provisions supersede any other possibly divergent or conflicting provisions contained in the Privacy Statement. This part of the Privacy Statement uses the terms “Consumer”, “Personal Information”, “Sale” and “Business Purpose” as they are defined in the CCPA. All other terms in this section of the Privacy Statement are intended to have the same meaning as in the CCPA.
Children’s Privacy
The CCPA regulates the online collection of Personal Information from children under the age of 16. Our Services are not directed to or used by children, and we do not knowingly collect Personal Information from children under the age of 16.
Collection of Personal Information
Category of personal information collected | Collect | Disclose | Sell | Sources of collection categories | Third Parties whose personal information is shared |
As of the effective date, our Disclosures for a Business Purpose include:
- Auditing related to a current interaction with the Consumer and concurrent transactions, including, but not limited to auditing compliance with this specification and other standards.
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
- Debugging to identify and repair errors that impair existing intended functionality.
- Performing services on behalf of Exeevo or a Customer, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying Consumer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of Exeevo or a Customer;
- Undertaking internal research for technological development and demonstration.
- Undertaking activities to improve, upgrade, enhance, verify or maintain the quality of Exeevo Services
- Disclosure to a Third Party, that is bound not to further disclose such information and is prohibited from Selling such information.
- Consumer Identity Verification Information or Authorized Agent designation and identity verification; and Compliance with law.
Verifiable Consumer Requests
You can use the email at the end of this Privacy Statement to make requests related to your rights under the CCPA.
If you are a Consumer, you have the right to request that we disclose to you (i) the categories of Personal Information we collected about you and the Categories of Sources from which we collected such information; (ii) the specific pieces of Personal Information we collected about you; (iii) the Business or Commercial Purpose for Collecting Personal Information about you; and (iv) the categories of Personal Information about you that we shared or Disclosed and the Categories of Third Parties with whom we shared or to whom we disclosed such information in the preceding 12 months. You also have the right to request that we delete the Personal Information we collected from you, subject to certain exceptions explained below.
You also have the right to not be discriminated against in pricing and services because you exercise any of your rights under the CCPA. Exeevo does not offer Financial Incentives or Price or Service Differences to Consumers in exchange for the retention or Sale of a Consumer’s Personal Information.
You may only make a Verifiable Consumer Request for access or data portability twice within a 12-month period. The Verifiable Consumer Request must:
Provide sufficient information that allows us to reasonably Verify you are the Consumer about whom we collected personal information or an authorized Agent (i.e., a person registered with the California Secretary of State that you authorize to act on your behalf). You may be required to submit proof of your identity. Only you or your Authorized Agent may make a verifiable Consumer Request regarding your Personal Information.
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We will confirm receipt of your Verifiable Consumer Request promptly and aim to respond within 45 days of its receipt. Should we need more time, we will explain why and how much more time we need to complete the request. Please note that we may need to take up to 90 days to fulfill your request.
We do not charge a fee to process or respond to your Verifiable Consumer Request unless we reasonably determine it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will respond to your request consistent with the CCPA requirements, which do not apply to certain information excluded from the scope of the CCPA, such as publicly available information from government records; De-identified information, Aggregated Consumer Information, and information excluded from the CCPA’s scope, including health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data.
We will review the information related to your Verifiable Consumer Request that you provide and may request additional information from you to help ensure we are interacting with the correct individual. If you have an online account with us, you may be required to log-in to your account for identity verification. If you do not have an account with us, other information to Verify your identity may be required by law before we may act upon such a request. This other information may vary depending on the nature of your request and/or the nature of the information about which your request relates. We may also be required by law to obtain a signed declaration under penalty of perjury from you. If we suspect fraudulent or malicious activity, we will delay acting on your request until we can appropriately Verify your identity and the request as authentic.
By law, we are not required to Collect Personal Information that we otherwise would not Collect in the ordinary course of our business, retain Personal Information for longer than we would otherwise retain such information in the ordinary course of our business, or reidentify or otherwise link information that is not maintained in a manner that would be considered Personal Information. If we have not requested specific information from you to Verify your request, please do not send such information.
We generally will aim to avoid requesting additional information from you for the purposes of verification. However, if we cannot reasonably verify your identity or more information is needed for security or fraud-prevention purposes, we may consider any of the following factors, alone or in combination, in requesting additional information:
The type, sensitivity, and value of the Personal Information Collected and maintained about the Consumer, as applicable law requires a more stringent verification process for sensitive or valuable Personal Information.
The risk of harm to the Consumer posed by any unauthorized access or deletion.
The likelihood that fraudulent or malicious actors would seek the Personal Information.Whether the Personal Information to be provided by the Consumer to Verify their identity is sufficiently robust to protect against fraudulent requests or being spoofed or fabricated.The way we interact with you as the Consumer.Available technology for verification; andOther factors that may be reasonable in the circumstances, are consistent with industry practice, are recommended by California government officials, or which may be required by law or regulation following the effective date of this Privacy Statement.
If your request concerns household information, the same verification steps above are required before we can provide you with aggregate household information. For us to process a request for access to or deletion of specific pieces of information regarding your household, all household members must make the request, and we must be able to Verify each household member.
In some cases, we may not have sufficient information about you or your household to be able to Verify your identity or sufficiently differentiate you from another consumer or household to the degree of certainty required by law, in which case, we will not be able to act upon your request. In such cases, it may be unlikely that we would be able to identify you or your household in the future without Collecting significantly more information or seeking to reidentify De-identified information. At this time, we do not intend to take such steps in response to a request made pursuant to this Privacy Statement and applicable law does not require that we do so. If, in the future, we determine a reasonable method to identify you or your household absent such steps, we will provide an update to you through this Privacy Statement and in response to any such request at that time.
Information that you submit to allow us to Verify your identity in furtherance of an individual Consumer-related or household-related request pursuant to California law will only be used by us and our Service Providers, if any, for that purpose and no other. Except where we are required by law to maintain such information for record-keeping purposes, we will take steps to delete any new Personal Information Collected for the purpose of verification as soon as practical after processing your request.
Please also be aware that making any such request does not ensure complete or comprehensive removal or deletion of Personal Information or content you may have posted. When we receive a deletion request, it may be necessary for us to flag certain Personal Information and suppress any future processing or sharing of that information to ensure proper fulfillment and implementation of the deletion request on an ongoing basis. In addition, there may be circumstances in which the law does not require or allow us to fulfill your request, including, for example, where retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we Collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another Consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws when the information’s deletion may likely render impossible or seriously impair the research’s achievement if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with any Consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- You may make other internal and lawful uses of that information that are compatible with the context in which you provided it.
To exercise your rights email privacy@exeevo.com. Please note we only accept or process requests through the privacy@exeevo.com email.
Omnipresence Privacy Policy
Introduction
Exeevo respects the privacy of individuals and is committed to protecting it. For purposes of this Policy, “You” or “Your” shall reference you, Personal Information relating to you, or Personal Information relating to other individuals, that you or your Employer input into the Omnipresence Mobile or Web Applications (the “App”). Your employer whether a company, firm, or organization where you are working on a full time basis, on contract, or through a third party agency (“Employer”) has subscribed to the Omnipresence platform either directly with Exeevo (“Exeevo”) or indirectly via an authorized reseller. This privacy statement does not change any terms of a business agreement with your Employer or between your Employer and a reseller, as applicable, but is simply intended to provide additional information to you regarding data in the Omnipresence platform. Along with Your instructions, Exeevo will also act on behalf of those third parties, like your Employer, who have the discretion to determine the purposes and means of processing Personal Information, pursuant to their Omnipresence SaaS license (“License”) and applicable data protection laws. Since, for the most part, Exeevo’s processing of such data for the Omnipresence platform is under the direction of your Employer, directly or indirectly as applicable. You should contact your Employer with any questions regarding the usage of data as part of the Omnipresence platform.
This privacy statement describes:
- The types of Personal Information we may collect or that you may provide when you download, install, register with, access, or use the App.
- Our practices for collecting, using, maintaining, protecting, and disclosing that information.
This policy applies only to information we collect in this App, in email, text, and other electronic communications sent through or in connection with this App and the Omnipresence platform.
This policy DOES NOT apply to information that:
- We collect offline or on any other Exeevo apps or websites, including websites you may access through this App.
- You provide to, or is collected by, any third party or your Employer.
Other Exeevo websites and apps, third parties, and your Employer, may have their own privacy policies, which we encourage you to read before providing information on or through them.
1. Information We Collect and How We Collect It
We collect information from and about users of our App:
- Directly from you when you provide it to us.
- Automatically when you use the App.
- Indirectly, from your Employer.
- Indirectly, from a Service Provider of your Employer.
2. Information Provided to Us
In order to download, register with, or use this App, your Employer or you may provide information:
- Which relates to you or another individual such as: name, email address, telephone number, Employer, or similar information that is defined as personal or “personally identifiable” under applicable law (“Personal Information”).
- That is about you or another individual but individually does not identify them, such as: business contact information, Employer information not directly related to an individual, or similar information needed for use of the App.
This information includes identifiers, commercial information, and employment related information. More specifically, we process:
- Information entered by you, or information required to be entered by your Employer by filling in forms in the App. This includes information provided at the time of registering to use the App and also when reporting issues or opening tickets.
- Records and copies of correspondence (including email addresses and phone numbers), if you contact us.
- Details of transactions or communications you carry out through the App, and the fulfillment of those transactions or communications.
3. Automatic Information Collection and Tracking
When the App is downloaded, accessed, and otherwise utilized, the App uses technology to automatically collect internet, device, and network information. More specifically, we process:
- Usage Details. We automatically collect certain details of access to and use of the App, including traffic data, location data, logs, and other communication data and the resources that you access and use on or through the App.
- Device Information. We collect information about the mobile device and internet connection, including the device’s unique device identifier, IP address, operating system, browser type, mobile network information, and the device’s telephone number.
- Stored Information, Files, Resources. The App also accesses metadata and other information associated with other files stored on the device such as calendar or address book, or other local resources such as the camera or microphone, if required by the uses permitted in your Employer’s License.
- Location Information. The App collects real-time information about the location of a device on which it is downloaded. When location services is turned on, the App will use such services to determine physical location and collect such information.
If you do not want us to collect this information do not download the App or delete it from your device and contact your Employer directly. Additionally, you may be able to turn off access to specific stored information, files, resources or location services via your device’s preferences controls as permitted by your Employer’s hardware and software policies. Note, however, that if you turn off such access you may not be able to access those features of the App or they may not function as expected.
We also use these or other technologies to collect information about an Employer’s employee engagement activities over time as permitted by the Employer’s License. If you have any questions about such action then you should contact your Employer directly.
4. Information Collection and Tracking Technologies
The technologies we use for automatic information collection may include:
- Cookies (or mobile cookies). A cookie is a small file placed on a smartphone. It may be possible to refuse to accept mobile cookies by activating the appropriate setting. However, if selected, certain features of the App may be limited, inaccessible, or may not function as expected.
- Localized Database. When using the App, it may download, store, and periodically sync this localized data to the device on which it is downloaded. The localized database could contain the information and content for which the App is used, such as your information, your customer data, your calendar, your customer signed forms, your presentations as well as usage or security data related to the App and its functionalities.
- Web Beacons. Pages of the App or content contained in the App or emails generated from or about the App may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the App, for example, to count users who have visited those pages or opened an email and for other related App statistics (for example, recording the popularity of certain content and verifying system and server integrity).
- Locally Shared Objects (LSOs or Flash Cookies). Pages of the App, and parts of the Omnipresence platform use LSOs in a similar way to Cookies. These small files are automatically downloaded onto a device and are used to track activity and collect data, similar to Cookies.
5. Third-Party Information Collection
When you use the App or its content, certain third parties may use automatic information collection technologies to collect information about you or your device. These third parties include:
- Third party service providers to Exeevo which enable certain functionality or analytics for the Omnipresence platform;
- Analytics service providers or content developers related to the content provided in the Apps by your Employer or you, if applicable;
- Your mobile device manufacturer; and
- Your mobile service provider.
Some of these third parties may use tracking technologies to collect information about you when you use the App. The information they collect may be associated with your Personal Information or they may collect information, including Personal Information, about your online activities over time and across different websites, apps, and other online services websites. They may use this information in ways your Employer may have agreed to, or otherwise. We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about third party information collection you should contact your Employer directly.
6. How We Use Your Information
We use information that we collect about you or that you provide to us in the App, including any Personal Information, to:
- Provide you with the App, its content, and functionality; as well as any other related information, products, or services.
- Coordinate communications between you and your Employer’s customers or between you and other users, as permitted by functionalities included in your Employer’s License.
- Establish and maintain your Employer’s customer contacts and related customer engagement capabilities.
- Give you notices about your user account, including notifications from the App.
The usage and customer engagement information we collect helps us to improve our App and deliver a better and more personalized experience by enabling us to:
- Recognize you when you use the App.
- Estimate our audience size and usage patterns.
- Store information about your preferences, allowing us to customize our App according to your individual interests.
- Increase search speed.
- Connect you to recommended actions and content, predictions or other insights as determined by intelligent algorithms, as permitted by your Employer’s License.
We may use the information we collect to display content (including commercial messages) to specific target audiences. Even though we do not disclose your Personal Information for these purposes without your consent, if you click on or otherwise interact with such content, the content provider (either us or a third party) will assume that you meet the target criteria.
7. Disclosure of Personal Information
We may disclose without restriction, aggregated information about our users and App functionalities; this information that does not identify you, or any individual or device. Such information may be used in various analytics including reports, charts, or algorithms to generate insights or recommendations for you as well as other users, without identifying an individual.
In addition, we may disclose Personal Information that we collect or you provide according to any provisions in your Employer’s License:
- To our subsidiaries and affiliates.
- To your Employer for various reporting and analytics including reports, charts, or algorithms to generate insights or recommendations for your Employer and other users to who your Employer provides the App.
- To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which we disclose it to them.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Exeevo’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by Exeevo about our App users is among the assets transferred.
- To fulfill the purpose for which you provide it. For example, if you give us an email address to use the “contact” feature of our Website or App, we will transmit the contents of that email and your email address to the recipients.
- For any other purpose disclosed by us when you provide the information.
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Exeevo, our customers or others. This includes exchanging information with other companies and organizations for the purposes of identity theft prevention, fraud protection, and risk reduction.
We do not share Personal Information with third parties for their own marketing or cross contextual behavioral advertising uses. Nor do we sell Personal Information as the term “sell” is defined in Cal. Civ. Code §1798.140(ad).8. Your Choices About Our Collection, Use, and Disclosure of Your Information
We strive to offer choices regarding the Personal Information provided to us. However, the mechanisms Exeevo offers with regard to Your control over Your Personal Information may differ from Your Employer’s. This section describes mechanisms we provide to control certain uses and disclosures of over your information. Please contact your Employer directly before turning off any settings in your device.
- Tracking Technologies. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies or block the use of other tracking technologies, some parts of the App may then be inaccessible or not function properly.
- Location Information. You can choose whether or not to allow the App to collect and use real-time information about your device’s location through the device’s privacy or location services settings. If you block the use of location information, some parts of the App may then be inaccessible or not function properly.
We do not control third parties’ collection or use of your information for their various purposes. However these third parties may provide you with ways to choose not to have your information collected or used in this way.
9. Accessing and Correcting Your Personal Information
You can review and change your Personal Information, only as permitted by your Employer, by logging into the App and visiting your user profile page. You may also contact your Employer directly to request access to, correct, or delete any Personal Information about yourself or your customer contacts that you have entered into the App. We cannot delete such Personal Information or accommodate a request to change information without your Employer’s approval or if we believe the change would violate any law or legal requirement.
10. Data Security, Storage, and Retention
We have implemented commercially reasonable administrative, procedural, and technical measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure, according to such provisions in your Employer’s License.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our App, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information to other users and to follow your Employer’s hardware and software policies at all times.
Unfortunately, the transmission of information via the internet and mobile platforms is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted through our App. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures we provide.
Your data is stored in one or more of our global hubs, which are made up of data centers provided by leading cloud products providers including but not restricted to such as Microsoft, Google and Amazon, according to the best location for performance of the App in your geography, your Employer’s preferences or requirements, and any other data residency requirements. You should contact your Employer directly if you have questions about where your data is stored.
Your data is retained in our global hubs according to the provisions in your Employer’s License.
11. Changes to Our Privacy Policy
We may update our privacy policy from time to time. If we make material changes to how we treat our users’ Personal Information, we will post the new privacy policy on this page with a notice that the privacy policy has been updated.
The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address and phone number for you and for periodically visiting this privacy policy to check for any changes.
12. Contact Information
To ask questions or comment about this privacy policy and our privacy practices, you can contact us at privacy@exeevo.com or +1.905.845.8668, however please note that specific questions related to exercising your rights with regards to your Personal Information may be better suited for your Employer.
Omnipresence Terms of Service
Introduction.
Your employer whether a company, firm or organization where you are working on a full time basis, on contract, or through a third party agency (“Employer”) has subscribed to the Omnipresence platform either directly with Exeevo (“Exeevo”) or indirectly via an authorized reseller. These Terms Of Service (“User Terms”) do not change any terms of a business agreement with your Employer or between your Employer and a reseller, as applicable, but is a binding agreement between you (“End User” or “you”) and Exeevo. These User Terms govern your use of the Omnipresence Mobile or Web Applications including all related documentation (the “App”) according to the terms of your Employer’s Omnipresence SaaS license (“License”). The App is licensed, not sold, to you.
YOU (A) ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTAND THESE USER TERMS; (B) REPRESENT THAT YOU ARE 18 YEARS OF AGE OR OLDER/OF LEGAL AGE TO ENTER INTO A BINDING AGREEMENT; AND (C) ACCEPT THESE USER TERMS. IF YOU DO NOT AGREE TO THESE USER TERMS, DO NOT USE THE APP AND CONTACT YOUR EMPLOYER.
- License Grant. Subject to the terms of these User Terms and to your Employer’s License, Exeevo grants you a limited, non-exclusive, and non-transferable license to:
(a) download, install, and use the App for your use on a single mobile device or desktop owned or otherwise controlled by you or your Employer (“Device”) strictly in accordance with the App’s documentation; and
(b) access, stream, download, and use on such Device the Content and Services (as defined in Section 3) made available in or otherwise accessible through the App, strictly in accordance with these User Terms and the Terms of Use applicable to such Content and Services as set forth in Section 3. - Electronic Signatures. You agree to transact electronically through the App. This agreement includes Your agreement to receive legally required notices electronically. You agree that Your electronic signature will have the same effect as Your manual signature. You further agree that Your use of a key pad, mouse or other device to select an item, button, icon or similar act/action, constitutes Your signature as if actually signed by You in writing. You also agree that no certification authority or other third-party verification is necessary to validate Your electronic signature, and the lack of such certification or third party verification will not in any way affect the enforceability of Your electronic signature. In order to access, fulfill and retain the following electronic forms, Your computer must be equipped and compatible with the most common operating systems and internet browsers.
- Communications & Video.
(a) By providing your telephone number, you are providing express written consent to receive communications from Exeevo, (including its affiliates, agents, service providers, and affiliates for the purposes of defined herein) for any purpose, including but not limited to marketing various services from both Exeevo and companies Exeevo has joint marketing agreements with. Additionally, you agree to receive communications from Exeevo regarding Exeevo services or technology, the App, your use of the App or platform, as well as any information you may have obtained via your use of the App or platform. You agree that these communications include, but are not limited to, the use of an Automated Telephone Dialing System, prerecorded and/or artificial voice, SMS, MMS, text, fax, email or other similar means. Note, regardless of whether your phone number is registered on a state or federal Do Not Call list. You agree that Exeevo, or its agent, is not responsible for any charges to you regarding these communications. Standard voice and data rates may apply. Further, you understand that you do not need to provide this consent to call as a condition to use the App or platform, in which case you will not provide your phone number.
(b) You agree and consent to Exeevo’s collection, use, and transfer to third parties any information related to your viewing of videos present on the Exeevo platform, through the App, or otherwise presented to you by Exeevo. You further agree that the disclosure of your viewing activity may be for administrative, technical, and marketing purposes. - Reservation of Rights. You acknowledge and agree that the App is provided under license, and not sold, to you. You do not acquire any ownership interest in the App under these User Terms, or any other rights thereto other than to use the App in accordance with the license granted, and subject to all terms, conditions, and restrictions, under these User Terms. Exeevo and its licensors and service providers reserve and shall retain their entire right, title, and interest in and to the App, including all copyrights, trademarks, and other intellectual property rights therein or relating thereto, except as expressly granted to you in these User Terms.
- Content and Services. The App may provide you with access to the Hosted Services (as defined in your Employer’s License) and products and services accessible thereon, and certain features, functionality, and content accessible on or through the App may be hosted on Omnipresence (collectively, “Content and Services”). Your access to and use of such Content and Services are governed by the License. Your access to and use of such Content and Services requires your Employer to execute such a License and to register you with Exeevo, and their failure to do so may restrict you from accessing or using certain of the App’s features and functionality. Any violation of such License will also be deemed a violation of these User Terms.
- Updates. Exeevo may from time to time in its sole discretion develop and provide App updates, which may include upgrades, bug fixes, patches, other error corrections, and/or new features (collectively, including related documentation, “Updates”). Updates may also modify or delete in their entirety certain features and functionality. You agree that Exeevo has no obligation to provide any Updates or to continue to provide or enable any particular features or functionality other than what is provided by your Employer’s License. You shall promptly download and install all Updates as required by your Employer and acknowledge and agree that the App or portions thereof may not properly operate should you fail to do so. You further agree that all Updates will be deemed part of the App and be subject to all terms and conditions of these User Terms.
- Collection and Use of Your Information. You acknowledge that when you download, install, or use the App, Exeevo may use automatic means (including, for example, cookies and web beacons) to collect information about your Device and about your use of the App. You also may be required to provide certain information about yourself as a condition to downloading, installing, or using the App or certain of its features or functionality. All information we collect through or in connection with this App is subject to the Privacy Policy.
- Prohibited Uses. You must not use the Content and Services in any way that violates the Acceptable Use Policy in your Employer’s License. This policy includes may cover:
(a) General usage rules
(b) Unlawful Content
(c) Graphic material
(d) Factual accuracy
(e) Marketing and spam
(f) Monitoring
(g) Hyperlinks
(h) Harmful software
You should contact your Employer’s appropriate representatives to request more information about the prohibited uses. - Content. The App may display, include, or make available content from your Employer or third-party content (including data, information, applications, and other products, services, and/or materials) or provide links to such content for customer engagement purposes (“Customer Engagement Materials”). You acknowledge and agree that Exeevo is not responsible for any Customer Engagement Materials, including their accuracy, completeness, timeliness, validity, copyright compliance, legality, decency, quality, or any other aspect thereof. Exeevo does not assume and will not have any liability or responsibility to you or any other person or entity for any Customer Engagement Materials. Customer Engagement Materials and links thereto are provided solely as a functionality to you, and you access and use them entirely at your own risk and subject to your Employer’s and any applicable third parties’ terms and conditions.
- Term and Termination. The term of User Terms commences when you download and install the App or have this done for you by your Employer and will continue in effect until terminated by your Employer or Exeevo as set forth in this section. In addition, these User Terms will terminate immediately and automatically without any notice if you violate any of the terms and conditions of these User Terms. Upon termination all rights granted to you under this User Terms will also terminate; you must cease all use of the App and delete all copies of the App from your Device or have this done for you by your Employer. Termination will not limit any of Exeevo’s rights or remedies at law or in equity.
- Disclaimer of Warranties, Limitations of Liability, Indemnification, Governing Law and other rights are according to the provisions of your Employer’s License. You should contact your Employer’s appropriate representatives to request more information about these terms.
- Severability. If any provision of these User Terms is illegal or unenforceable under applicable law, the remainder of the provision will be amended to achieve as closely as possible the effect of the original term and all other provisions of these User Terms will continue in full force and effect.
- Entire User Terms. These User Terms and your Employer’s License constitute the entire agreement between you and Exeevo with respect to the App and supersede all prior or contemporaneous understandings and agreements, whether written or oral, with respect to the App.