This Policy addresses:
A. Personal Information Collected
B. Exari’s Use of PII – General
C. Licensee’s Use of PII– Software
D. Licensee’s Use of PII– Hosting Services
E. Consulting Services
F. Other Services
G. Enhancement of the Customer Experience
H. Information Disclosed to Third Parties
I. On-line Information
J. Security Measures
L. Policy Updates
M. Security Breaches
N. Contact Us
O. Safe Harbor Principles
P. Dispute Resolution
As a general principle, Exari limits the information collected about you to only what is needed for conducting our business, including the offering of products and services by us or by third parties that might be of interest to you. You may choose to provide “personally identifiable information” (PII) to Exari in a number of ways: in person, by telephone, by email or electronically via our websites. Examples of how you may share PII with us include: requesting a brochure or product information, issuing an RFP, ordering software or services from us, responding to Exari surveys, attending Exari-sponsored events or conferences, or applying for a job. We may also obtain PII from third parties (for example, credit agencies or background checks), but only if we have first obtained your permission.
General Examples of PII are:
- Name (including company name for business customers)
- Email address
- Credit card number, financial/bank account number or wire transfer information, including routing numbers and instructions
- Passwords or personal identification codes (PINs)
- Date of birth
- Social Security number or other government identification number
- Employee number
- Professional employment information
- Company contact information for business customers
Exari’s software products and services involve the creation and management of contracts and agreements. When our Licensees subscribe to our products and services, they may collect additional PII such as:
- Names, email addresses and other identifying information of parties to the agreement.
- The PII of lawyers, agents and other third parties who are involved with the agreements.
Exari also compiles lists of sales leads, either by analysis of data available on the Internet, or purchased from privates sources. We also rent lists of leads from third parties. These lists of sales leads can sometimes include PII.
The following information is NOT PII:
- Mailing address, unless unlisted or restricted at your request
- Telephone number, unless unlisted or restricted at your request
- IP Address allowing you to access our internet services
- PII included in aggregate data compiled by Exari
Exari may compile or aggregate PII from numerous customers or Web visitors to collect data about groups of customers or potential customers or categories of service. Exari does not consider this “aggregate” information as PII because the aggregated information does not contain the PII of any individual customer or Web visitor.
Exari uses PII to provide products and services to meet our customers' needs, including new products or services. Exari may share PII with any Exari-affiliated company, and these companies are subject to the terms of this Policy.
Exari uses employee PII to communicate with and manage our employees.
Exari retains PII only as long as is necessary for Exari to comply with business, tax and legal requirements. For customers and employees, this retention period is likely to be the entire time you are our customer or employee, depending on the type of PII.
Exari does not:
- Collect PII from you unless you provide it to us in person, telephonically or electronically by visiting our websites, including information you provide in order to use our services.
- Sell the names and addresses of Exari Web visitors to unaffiliated suppliers without your prior approval.
- Allow third parties to change your PII, without complying with our security policies.
Exari’s licensees can use our Software products to collect PII from their employees, affiliates, law firms and agents. The collection, access, administration and storage of this PII are under the control of our licensees, with no involvement or access by Exari personnel. The only occasional exception to this statement is if a Client provides Exari personnel emergency access to their Exari software, usually for the purposes of diagnosing and fixing a software program error.
Exari Licensees sometimes contract with Exari to provide hosting services for their Exari software. When we do so, we always utilize a data center that is SSAE 16 compliant, and whose practices and infrastructure comply with the US-EU Safe Harbor Framework and the US-EU Safe Harbor Framework as set forth by the Department of Commerce (see, http://export.gov/safeharbor). Two of our current hosting data center providers are Safe Harbor Certified: Amazon ECS (see, http://safeharbor.export.gov/companyinfo.aspx?id=14795); and Windstream Hosted Solutions LLC (see, http://safeharbor.export.gov/companyinfo.aspx?id=14528).
When Exari provides hosting services to our Licensees, Exari never collects personal information for or on behalf of our licensees. Our licensees have exclusive responsibility for collecting and storing PII in the Exari software that we host for them. Exari technical support employees may have occasional access to the Licensee-collected personal information. This access is incidental to the Exari employees' performance of their IT-related duties for the technical maintenance and backup of the hosting environment. Backups of Licensee’s data are always encrypted.
Because we appreciate the trust you have in us, we continually look for ways to enhance your customer experience, both on our web site and with our software products. For example, at some time in the future, we may host a user conference, and obtain PII in connection with that event. From time-to-time, we may notify you about an Exari product or service using the information you have provided to us either in person, telephonically or electronically by visiting our websites, including information you provide to use our services. We strive to limit our offers to those we think you would benefit from and appreciate receiving. We want every contact you have with us to be a positive experience. If you prefer not to receive these Exari value-added services, offers and opportunities, just contact us at firstname.lastname@example.org.
Exari complies with all applicable laws and regulations regarding “Do Not Call” Lists. Generally, Exari is allowed to contact its customers, even if the customers are registered with federal or state Do Not Call Lists, because of our relationship with you. Exari will, of course, honor any request to remove your name from our telephone, mail or e-mail solicitation lists and will delete your information from existing files within a reasonable time period. Just contact us at email@example.com.
Exari does not sell PII of its customers to third parties. In limited circumstances, Exari may provide PII to third parties:
- To assist us in developing, promoting, establishing, maintaining and/or providing Exari-related products and services to you, including joint marketing efforts or promotions, but PII may not be used by the third parties for any other purpose;
- To assist us in establishing accounts, billing, collecting payment, enforcing the Terms and Conditions or the Acceptable Use Policy of our Exari services where permitted by law, and protecting or enforcing our rights or property or the services of our other customers from fraudulent, abusive, or unlawful use;
- To comply, when required by law, with court or administrative orders, civil or criminal subpoenas, warrants from law enforcement agencies, federal or state regulatory requirements, mandatory governmental audits, E911 reporting requirements, grand jury investigations, civil or criminal governmental investigations or reporting required by the National Center for Missing and Exploited Children, designated by federal law as a reporting mechanism for child pornography; and
- To appropriate law enforcement, 911 centers or emergency services when Exari, in good faith, believes the disclosure is necessary to protect a person, Exari property or the public from an immediate threat of serious harm.
Exari uses security techniques designed to protect your information from unauthorized access, including firewalls and access control procedures. We have security measures in place to protect against the loss, misuse and alteration of information under our control, or information that is processed by our software and under the control of our licensees. For example, when you use Exari software over the Internet, the information exchange between you and the Exari software is encrypted using the Secure Sockets Layer (SSL) protocol.
All Exari employees are bound by non-disclosure agreements designed to prevent them from disclosing any PII. Further, Exari’s employee guidelines state that Exari employees must abide by all state and federal laws and regulations in the performance of their job duties.
Our policies also limit access to PII to only those employees, contractors, agents or representatives that require the information to perform their jobs or assist Exari with providing products and services to you.
While our goal is to prevent any unauthorized disclosure of PII, Exari cannot guarantee that an unauthorized disclosure will not occur. We will make reasonable efforts to contact you if we determine that a security breach has occurred and that there is a reasonable risk of identity theft or as otherwise required by law.
If you have questions, concerns, or complaints about this Policy or Exari’s privacy practices, please contact an Exari customer care representative by email at firstname.lastname@example.org or write to us at Exari, Inc., ATTN: Privacy Officer, 745 Boylston Street, Boston, MA 02116 USA. We will respond to your inquiries in a timely manner.
Exari complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Exari has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Exari’s certification, please visit http://www.export.gov/safeharbor/.
For complaints that cannot be resolved between Exari and the user, such disputes will be arbitrated by the American Arbitration Association.