Xima Privacy Shield Policy Last Updated November 14th, 2019
Xima commits to adhere to the EU-US Privacy Shield Framework by adopting and implementing the EU-US Privacy Shield Principles (“Principles”). Our certification can be found at www.privacyshield.gov/list
How We Obtain Personal Information As a data controller, we collect and process EEA Personal Information directly from individuals, either through our publicly available website, www.ximasoftware.com, or in connection with our relationships with our partners, customers, resellers and vendors.
As a data processor, we process and store EEA Personal Information obtained from our customers when providing our customers software and related technical and customer support services (Xima’s software and all related services may be referred to hereinafter collectively as the “Services”). In this context, we process Personal Information on behalf of and at the instructions of our customers, which are the data controllers.
Xima commits to subjecting to the Principles all Personal Information received form the EEA in reliance on the Privacy Shield (which includes both types of activities)
Disclosure of Personal Information We work with other companies that provide services or help support our business. These companies may have access to your Personal Information, including (i) with our partners and affiliated companies, as reasonably necessary to provide or support our Services; (ii) with our resellers and other sales partners for the purpose of assisting you with ordering and/or implementing the Services; and (iii) when we hire companies to help us market our website and Services to provide you with information and offers related to Xima.
Xima may also share your Personal Information (i) when we are required to provide information in response to a subpoena, court order, applicable law, government statute, regulation or other legal process; (ii) when we have a sincere belief that the disclosure is necessary in our legitimate interests to prevent or respond to fraud, defend our website or Services against attacks, protect the property or security of Xima or the property and security of our customers; (iii) as necessary to meet lawful requests by public authorities, including to meet national security or law enforcement requirements; (iv) if we merge with or are acquired by another company; (v) when we aggregate and share de-identified information collected by our Services in order to provide statistical information or market research to third parties; or (vi) when you consent to the sharing
If we disclose it to a third party acting as a data controller or as an agent, we will comply with, and protect the Personal Information as stated in the Accountability for Onward Transfer Principle. If the case of disclosure to an agent, we remain responsible for the processing of Personal Information received under the Privacy Shield and subsequently transferred to that agent if it processes such Personal Information in a manner inconsistent with the Principles, unless we establish that we are not responsible for the event giving rise to the inconsistent processing. When we process Personal Information in the context of our Services, we disclose Personal Information as necessary to provide the services and as authorized in our agreements with customers.
Data Security We have instituted appropriate and reasonable measures to protect your Personal Information from loss, misuse and unauthorized access, destruction, alteration and/or disclosure, taking into account the inherent risks involved in the processing and the nature of the Personal Information.
Access to Personal Information As appropriate, Xima provides you with access to the Personal Information that we maintain about you and the ability to correct, amend or delete that information when it is incorrect or has been processed in violation of the Principles by sending a written request as indicated in the contact information provided below. We will review all requests in accordance with the Principles, and may limit or deny access to Personal Information where providing such access is unreasonably burdensome or expensive given the circumstances, or as otherwise permitted by the Principles. To the extent that we use your Personal Information for a purpose that is substantially different from the purposes listed in this policy or if we intend to disclose it to a third party acting as a controller not previously identified, we will offer you the opportunity to opt-out of such uses and disclosures where is involved non-sensitive information or opt-in where sensitive information is involved.
When we process Personal Information in the context of our Services, we only process and disclose the data as necessary to provide the Services. If you wish to request access, to limit use, or to limit disclosure of Personal Information uploaded to the Services by one of Xima’s customers, please contact the customer who submitted your data to our Services. If you provide us with the name of our customer that is processing your Personal Information, we will refer your request to that customer and will support the customer as needed in responding to your request.
Enforcement If you have any questions or concerns regarding Xima’s Personal Information practices or compliance with the Principles, we encourage you to write to us as indicated below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles. If an issue cannot be resolved, individuals may contact or submit a complaint, at no cost, to the JAMS EU-US Privacy Shield Program, which is based in the United States. We will cooperate with JAMS pursuant to the JAMS International Mediation Rules, which are accessible on the JAMS website at https://www.jamsadr.com/eu-us-privacy-shield. For residual complaints not fully or partially resolved by other means, individuals may be able to invoke binding arbitration as detailed in the Principles. The Federal Trade Commission has jurisdiction over compliance with the Privacy Shield.
Xima, LLC Attn: Jeff Jorgensen 10610 S. Jordan Gateway, Suite 300 South Jordan, Utah 84095 (p): 888-944-9462 (e): firstname.lastname@example.org