GDPR Statement

european union general data protection regulation (gdpr) statement when you access our product or services for the first time you will be asked to accept our terms of service by accepting our terms of service, you are making a clear, unambiguous, positive confirmation that you agree to allow xecta to store and process your personal information based on the guidance provided within the ‘data protection’ section of this document xecta collects the minimum data needed to identify a user within our products we process personal data for the purposes of recording login activity and transactions performed while using the products we securely store data at rest and in transit we may communicate with you by sending you an email these emails will be to assist with a customer support ticket or to inform you of other operational or service quality issues you have the right to opt out from these emails you must be over the age of 13 years old to use our products or services data protection data subject you (the user) are the data subject data controller your employer or organization granted you the permission to access our products in doing so your employer shared some basic login data with us though an automated process as part of a saml2 https //en wikipedia org/wiki/saml 2 0 identity integration your employer is the controller of the data provided to us lawfulness, fairness and transparency your personal information is used to identify you within our systems and also to identify you to your colleagues who also use our products we may use your email address to send you an email these emails are transactional in nature and will relate to your use of the product if required by law, and we receive a valid legal request, we may share information with law enforcement agencies purpose limitation we process your login credentials each time you login to our products and services we provide a report which can be accessed by you, by us and by your employer which reports your use of the product data minimization we collect your email address, first and last name, which was provided to us by your employer we collect your ip address this is the minimum data we require to record your login and transaction history accuracy your employer holds the master data record that feeds our systems please contact your employer if your name or email is incorrect storage limitation we store your data for as long as your employer has an active subscription agreement all data is permanently deleted 90 days after the subscription terminates integrity and confidentiality data at rest and in transit is stored using aes 256 encryption the data is processed using gdpr compliant aws cloud services https //aws amazon com/compliance/gdpr center/ based in the united states be aware that your employer may have negotiated an agreement with xecta which specifies data transit, data processing and data storage which may be different to those specified above accountability where xecta is a data controller we are responsible to correct erroneous personal data and to securely store and dispose of personal data in accordance with our data management policy xecta is audited annually by an independent auditor to ensure data is being secured and processed in accordance our terms of service, privacy policy, data management policy and our information security policy