October 28th, 2020.
Your privacy is very important to us. We value the trust that you place in us by giving us your personal information and promise to only use your personal information in a way that is fair and worthy of that trust.
We also promise to always be transparent with you about what information we collect, what we do with it, with whom we share it, and whom you should contact if you have any concerns. xMatters is committed to best practices to protect the information we process.
What is Personal Data?
The term ‘personal data’ is defined on the General Data Protection Regulation (GDPR) Art. 4 (1) as any information which are related to an identified or identifiable natural person.
We only collect the minimum amount of personal information that we determine necessary to carry on our business.
Privacy Notice Scope
This privacy notice is applicable to every individual that:
- Accesses the xMatters website
- Purchases xMatters services (Clients)
- Uses the xMatters Software-as-a-Service (SaaS) platform
How We Collect and Use Your Personal Information
The following sections outline how we collect and use personal information.
Collection and Use of Information on the xMatters Website and xMatters Platform
- We may collect the following personal information from users who visit our website:
- Contact information such as name, email address, mailing address, phone number, IP address
- Unique identifiers such as user name and password
- Information about your business such as company name and job title
We use this information to:
- Assess the needs of your business to determine suitable products
- Send you requested product or service information
- Respond to customer service requests
- Send you marketing communications
- Respond to employment inquiries
- Improve our website and marketing efforts
- Conduct research and analysis
User Data Supplementation
We purchase marketing data about our customers from third parties and combine it with information we have already collected to help us ensure the data is accurate and complete. xMatters will retain your information for as long as your account is active or as needed to provide you and offer our services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
When you download and use our Services, we automatically collect information on the type of device you use and the operating system version.
We send you push notifications from time-to-time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information.
We do not ask for, access, or track any location-based information from your mobile device at any time while downloading or using our mobile apps or services.
We use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information you submit within the mobile application.
Collection and Use of Information Through the xMatters Service (SaaS Platform)
The xMatters service collects information under the direction of our clients, and we have no direct relationship with the individuals whose personal data it processes. xMatters works with our clients to help them provide notice to their customers concerning the purpose for which personal information is collected. We collect the following kinds of personal information from our clients:
- Contact information such as name, email address, mailing address, phone number, job title
- Unique Identifiers such as user name and password
- Information about their business such as company name and business type
- We use this information to:
- Submit notifications, emergency warnings and updates to individuals on the behalf of our clients
- Assess system health, volume metrics, and performance data
- Send requested product or service information
- Respond to customer service requests
- Administer accounts
- Send marketing communications
How We Disclose Your Personal Information
We will share your personal information with third parties only in the ways that are described in this privacy statement. We do not sell your personal information to third parties.
If you are xMatters corporate client, requests for withdrawal of processing service-related information, must be done under the direction of our corporate clients. System administrators have complete control over their employees’ personal information disclose and deletion.
Service Providers and Sub-Processors
We may provide your personal information to companies that provide services to help us with our business activities such as submitting promotional email communications and emergency alerts to you on the behalf of xMatters. These companies are authorized to use your personal information only as necessary to provide these services to us. xMatters may transfer personal information to companies that help us provide our service to our clients. Transfers to subsequent third parties are covered by the provisions in this policy regarding notice and choice and the service agreements with our clients.
We may also disclose your personal information:
- as required by law, such as to comply with a subpoena, or similar legal process;
- when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request; and/or
- to any other third party with your prior consent to do so.
If xMatters is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
Like most websites, the service gathers certain information and stores it automatically in log files. This helps us monitor site traffic, referrals, exit patterns, browser and operating system trends, and clickstream data. We may combine this automatically collected log information with other information we collect about users.
How Long We Retain Your Personal Information
xMatters will retain personal data we process on behalf of our active clients to provide services to our client. xMatters will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
When client are decommissioned, their data will be deleted in 60 days.
Personal Information Transfers Outside of EU
xMatters uses Standard Contractual Clauses as part of Data Processing Agreements (DPA) as the cross-border transfer mechanism. xMatters also undergoes annual privacy audits conducted by an independent firm to validate compliance with all applicable laws.
xMatters participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. xMatters is committed to subjecting all personal data received from European Union (EU) member countries, including the United Kingdom (UK) and Switzerland, respectively, in reliance on each privacy shield framework, to the framework’s applicable principles. To learn more about the privacy shield framework, visit the U.S. Department of Commerce’s Privacy Shield List.
xMatters is responsible for the processing of personal data it receives, under each privacy shield framework, and subsequently transfers to a third party acting as an agent on its behalf. xMatters complies with the privacy shield principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the privacy shield framework, xMatters is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, xMatters may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S. based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
xMatters has further committed to cooperate with EU data protection authorities (DPAs) for EU employees, and the Swiss Federal Data Protection and Information Commissioner for Swiss employees with regard to unresolved privacy shield complaints concerning human resources data transferred from the EU or Switzerland, respectively, in the context of the employment relationship and employee data that it processes in its role as a service provider.
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
How We Protect Your Personal Information
We use physical, electronic and procedural safeguards to protect against unauthorized use, access, modification, destruction, disclosure, loss, or theft of your personal information.
The security of your personal information and our clients’ information is important to us. When you enter sensitive information (such as login credentials) we encrypt the transmission of that information using secure socket layer technology (SSL). We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. If you have any questions about security on our website, you can contact us via one of the methods listed below.
For more information about technical safeguards: https://www.xmatters.com/trust/security/data-encryption/
Who is in charge of Your Information
The xMatters Data Protection Officer (DPO) is responsible for ensuring all necessary processes to protect your information are in place. We also have a robust privacy program managed and audited by the Information Assurance team.
To contact the xMatters DPO: firstname.lastname@example.org
Rights about your Personal Information
- You have the right to require us to:
- provide you with further details on the use we make of your information
- provide you with a copy of information that we hold about you;
- update any inaccuracies in the personal data we hold;
- delete any personal data that we no longer have a lawful ground to use;
- where processing is based on consent, to withdraw your consent so that we stop that particular processing;
- object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
- restrict how we use your information whilst a complaint is being investigated.
You may also ask us not to process your personal data for marketing purposes. We will inform you if we intend to disclose your information to any third-party service provider for this purpose. You can exercise your right to prevent such processing at any time by contacting us.
We are also required to take reasonable steps to ensure that your personal data remains accurate. In order to assist us with this, please let us know of any changes to the personal data that you have provided to us by contacting us or by using any relevant Customer Support channels and/or personnel.
If you are not satisfied with our use of your personal data or our response to any exercise of these rights, you have the right to complain to the relevant supervisory authority (data protection regulator). For any questions, you can get in touch with us at: email@example.com
Notification About Privacy Breaches
We have a process in place to handle privacy breaches that involves, but is not limited to, report the breach, contain the breach and assess the extent and Impact of the Privacy Breach.
In the case of a privacy breach, we will, not later than 72 hours after having become aware of it, notify the data breach to the supervisory authority. When the personal data breach is likely to result in a high risk to your rights, we will communicate the personal data breach to you without undue delay.
xMatters Data Protection Officer is responsible for maintaining and applying this procedure.
We may update this privacy statement to reflect changes to our information practices. We will indicate at the top of the Privacy Statement when it was most recently updated. All changes are effective immediately when they are posted and apply to all access to and use of the website thereafter.
If we make any material changes we will notify you or our Client by email (sent to the e-mail address specified in your account) or by means of a notice on this Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
12647 Alcosta Boulevard Suite 425,
San Ramon, CA 94583, United States