October 28th, 2021.
Your privacy is very important to us. We value the trust that you place in us by giving us your personal information and promise to only use your personal information in a way that is fair and worthy of that trust.
We also promise to always be transparent with you about what information we collect, what we do with it, with whom we share it, and whom you should contact if you have any concerns. xMatters is committed to best practices to protect the information we process.
What is Personal Data?
The term ‘personal data’ is defined on the General Data Protection Regulation (GDPR) Art. 4 (1)
As: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We only collect the minimum amount of personal information that we determine necessary for service delivery to our customers.
Privacy Notice Scope
This privacy notice is applicable to every individual that:
- Accesses the xMatters website
- Purchases xMatters services (Customers)
- Uses the xMatters Software-as-a-Service (SaaS) platform
How We Collect and Use Your Personal Information
The following sections outline how we collect and use personal information.
Collection and Use of Information on the xMatters Website and xMatters Platform
We may collect the following personal information from users who visit our website:
- Contact information such as name, email address, mailing address, phone number, IP address
- Unique identifiers such as username and password
- Information about your business such as company name and job title
We use this information to:
- Assess the needs of your business to determine suitable products
- Send you requested product or service information
- Respond to customer service requests
- Send you marketing communications
- Respond to employment inquiries
- Improve our website and marketing efforts
- Conduct research and analysis
User Data Supplementation
We purchase marketing data about our customers from third parties and combine it with information we have already collected to help us ensure the data is accurate and complete. xMatters will retain your information for as long as your account is active or as needed to provide you and offer our services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
When you download and use our Services, we automatically collect information on the type of device you use and the operating system version.
We send you push notifications from time-to-time to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information.
We do not ask for, access, or track any location-based information from your mobile device at any time while downloading or using our mobile apps or services.
We use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information you submit within the mobile application.
Collection and Use of Information Through the xMatters Service (SaaS Platform)
The xMatters service collects information under the direction of our customers, and we have no direct relationship with the individuals whose personal data it processes. xMatters works with our customers to help them provide notice to their customers concerning the purpose for which personal information is collected. We collect the following kinds of personal information from our customers:
- Contact information such as name, email address, mailing address, phone number, job title
- Unique Identifiers such as username and password
- Information about their business such as company name and business type
We use this information to:
- Submit notifications, emergency warnings and updates to individuals on the behalf of our customers
- Assess system health, volume metrics, and performance data
- Send requested product or service information
- Respond to customer service requests
- Administer accounts
- Send marketing communications
How We Disclose Your Personal Information
We will share your personal information with third parties only in the ways that are described in this privacy statement. We do not sell your personal information to third parties.
If you are an employee of an xMatters corporate customer, requests for withdrawal of processing service-related information must be done under the direction of our corporate customer. System administrators have complete control over their employees’ personal information, so only system administrators can disclose, retain or delete service-related information.
Service Providers and Sub-Processors
We may provide your personal information to companies that provide services to help us with our business activities such as submitting promotional email communications and emergency alerts to you on the behalf of xMatters. These companies are authorized to use your personal information only as necessary to provide these services to us. xMatters may transfer personal information to companies that help us provide our service to our our customers. Transfers to subsequent third parties are covered by the provisions in this policy regarding notice and choice and the service agreements with our customers.
We may also disclose your personal information:
- as required by law, such as to comply with a subpoena, or similar legal process.
- when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request; and/or
- to any other third party with your prior consent to do so.
If xMatters is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or use of your personal information, as well as any choices you may have regarding your personal information.
Like most websites, we gather certain information and stores it automatically in log files. This helps us monitor site traffic, referrals, exit patterns, browser and operating system trends, and clickstream data. We may combine this automatically collected log information with other information we collect about users.
How Long We Retain Your Personal Information
xMatters will retain personal data we process on behalf of our active customers to provide services to our client. xMatters will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
When client stop using our services, their data will be deleted in 60 days.
Personal Information Transfers Outside of EU
xMatters uses Standard Contractual Clauses as part of Data Processing Agreements (DPA) as the cross-border transfer mechanism. xMatters also undergoes annual privacy audits conducted by an independent firm to validate compliance with all applicable laws.
Personal Information Associated with U.S. Data Subjects
xMatters participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. To learn more about the privacy shield framework, visit the U.S. Department of Commerce’s Privacy Shield List.
If there is any conflict between the terms in this privacy notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
xMatters commits to resolve privacy shield complaints about human resources information of U.S. data subjects in the context of the employment relationship and employee data that it processes in its role as a service provider in accordance with applicable state or federal law, including the Privacy Shield Principles. Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
xMatters has further committed to cooperate with EU data protection authorities (DPAs) and/or the UK Commissioner’s Office and/or the Swiss Federal Data Protection and Information Commissioner with regard to unresolved complaints concerning human resources data of data subjects transferred from the EU, the UK or Switzerland, respectively, in the context of the employment relationship and employee data that it processes in its role as a service provider.
The services of the DPAs, ICO and Commissioner are provided at no cost to you. You can find details of the relevant DPA at http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
How We Protect Your Personal Information
We use physical, electronic and procedural safeguards to protect against unauthorized use, access, modification, destruction, disclosure, loss, or theft of your personal information.
The security of your personal information and our customers’ information is important to us. When you enter sensitive information (such as login credentials) we encrypt the transmission of that information using secure socket layer technology (SSL). We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. If you have any questions about security on our website, you can contact us via one of the methods listed below.
For more information about technical safeguards: https://www.xmatters.com/trust/security/data-encryption/
Who is in charge of Your Information
xMatters is responsible for ensuring all necessary processes to protect your information are in place. We also have a robust privacy program managed and audited by the Information Assurance team.
You can contact xMatters at firstname.lastname@example.org.
Rights about your Personal Information
You have the right to require us to:
- provide you with further details on the use we make of your information
- provide you with a copy of information that we hold about you;
- update any inaccuracies in the personal data we hold;
- delete any personal data that we no longer have a lawful ground to use;
- where processing is based on consent, to withdraw your consent so that we stop that particular processing;
- object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
- restrict how we use your information whilst a complaint is being investigated.
You may also ask us not to process your personal data for marketing purposes. We will inform you if we intend to disclose your information to any third-party service provider for this purpose. You can exercise your right to prevent such processing at any time by contacting us.
We are also required to take reasonable steps to ensure that your personal data remains accurate. In order to assist us with this, please let us know of any changes to the personal data that you have provided to us by contacting us or by using any relevant Customer Support channels and/or personnel.
If you are not satisfied with our use of your personal data or our response to any exercise of these rights, you have the right to complain to the relevant supervisory authority (data protection regulator). For any questions, you can get in touch with us at: email@example.com
Notification About Privacy Breaches
We have a process in place to handle privacy breaches that involves, but is not limited to, report the breach, contain the breach and assess the extent and impact of the Privacy Breach.
In the case of a privacy breach, we will promptly notify our customers the breach has been confirmed, in accordance with applicable law or the service agreements we have with our customers.
We may update this privacy statement to reflect changes to our information practices. We will indicate at the top of the Privacy Statement when it was most recently updated. All changes are effective immediately when they are posted and apply to all access to and use of the website thereafter.
If we make any material changes, we will notify our customers by email or by means of a notice on this Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
Your privacy is extremely important to us. Please send all privacy concerns to firstname.lastname@example.org. Additional contact information can be found here.
25 Corporate Drive, Suite 400
Burlington, MA, US 01803