GDPR Statement
When you access our product or services for the first time you will be asked to accept our Terms of Service. By accepting our Terms of Service, you are making a clear, unambiguous, positive confirmation that you agree to allow Xecta to store and process your personal information based on the guidance provided within the ‘Data Protection’ section of this document.
Xecta collects the minimum data needed to identify a user within our products. We process personal data for the purposes of recording login activity and transactions performed while using the products. We securely store data at rest and in transit. We may communicate with you by sending you an email. These emails will be to assist with a customer support ticket or to inform you of other operational or service quality issues. You have the right to opt-out from these emails.
You must be over the age of 13 years old to use our products or services.
Data Protection
- Data subject
- You (the user) are the data subject
- Data controller
- Your employer or organization granted you the permission to access our products. In doing so your employer shared some basic login data with us though an automated process as part of a SAML2 identity integration. Your employer is the controller of the data provided to us.
- Lawfulness, fairness and transparency
- Your personal information is used to identify you within our systems and also to identify you to your colleagues who also use our products. We may use your email address to send you an email. These emails are transactional in nature and will relate to your use of the product. If required by law, and we receive a valid legal request, we may share information with law enforcement agencies.
- Purpose limitation
- We process your login credentials each time you login to our products and services. We provide a report which can be accessed by you, by us and by your employer which reports your use of the product.
- Data minimization
- We collect your email address, first and last name, which was provided to us by your employer. We collect your IP address This is the minimum data we require to record your login and transaction history.
- Accuracy
- Your employer holds the master data record that feeds our systems. Please contact your employer if your name or email is incorrect
- Storage limitation
- We store your data for as long as your employer has an active subscription agreement. All data is permanently deleted 90 days after the subscription terminates.
- Integrity and confidentiality
- Data at rest and in transit is stored using AES 256 encryption. The data is processed using GDPR compliant AWS cloud services based in the United States. Be aware that your employer may have negotiated an agreement with Xecta which specifies data transit, data processing and data storage which may be different to those specified above.
- Accountability
- Where Xecta is a data controller we are responsible to correct erroneous personal data and to securely store and dispose of personal data in accordance with our Data Management Policy. Xecta is audited annually by an independent Auditor to ensure data is being secured and processed in accordance our Terms of Service, Privacy Policy, Data Management Policy and our Information Security Policy.