UPDATED November 10, 2018

This privacy policy discloses the privacy practices for openexc.com (the “Site”), which is operated by OpenExchange, Inc. 1117 E Putnam Ave #326 Riverside CT. 06878, dpo@openexc.com, (617) 600-6280. This privacy notice applies solely to personal information collected by this Site. Personal information is information that identifies or can identify a specific individual. It will notify you of the following:

 

What Personal Information is collected from you through the Site, how it is used and with whom it may be shared.

What choices are available to you regarding the use of your data.

The security procedures in place to protect the misuse of your Personal Information.

How you can correct any inaccuracies in the Personal Information.

 

1. Information Collection, Use, and Sharing

We are the sole owners of the information collected on this Site. We only have access to/collect information that you voluntarily give us via email or other direct contact from you. We will not sell or rent Personal information to anyone.

We use information we maintain about you, and other information we obtain from your current and past activities: (1) to perform the services requested; (2) to troubleshoot problems and enforce our Usage agreement ; (3) to operate and improve the Site, including using Site usage data to understand utilization and improve the service; and (4) to resolve disputes. We may also disclose Personal Information and the content of communications in order to: (a) comply with the law or respond to lawful requests or legal process; or (b) act in good faith to protect the rights or property of our business, employees, suppliers or customers.

Our computer systems and those of our partners are currently based in the United States, so your Personal Information will be processed by us in the United States. In accordance with applicable law, Personal Information collected on the site may be transferred, stored and processed in the United States. By entering your Personal Information, you consent to such processing of your personal information.

Although our systems are based in the United States, we are in compliance with the European Union’s General Data Protection Regulation (GDPR), effective May 25, 2018.  At any time, you may request a Data Protection Addendum for your existing contracts by contacting our Data Protection Officer via email: dpo@openexc.com.

OpenExchange, Inc. collects data to offer you Services. We only collect and process Personal Data that is required to help you create an Account or for us to offer the very best Services possible.

You provide some of this information directly when you create an Account, when you submit form requests on both openexc.com, or when you contact OpenExchange, Inc. for support. Some of that information includes:

First & Last Name

Job Title

Company

Email addresses

Phone Numbers

Areas of interest

Answers to miscellaneous questions

Support inquiries

Also, we reserve the right to use and disclose any information that is aggregate in format or does not contain personal information (such as statistics and survey results that do not identify you individually by name).

We also sometimes obtain data from third parties sub-processors to ensure data is valid and belongs to you. For example, when you register a credit card or debit card with us to use the Service, we will use card authorization and fraud screening services to verify that your card information matches other information that you may supply to us and that the card has not been reported as lost or stolen.  For a list of our sub-processors, please contact dpo@openexc.com and request a copy.

 

2. Why is your information being processed?

We process your information so that we can offer you our Services and communicate with you.

Contractual Relationship

When we process your Personal Data in relation to our Services (including for our records, dealing with customer requests, providing customer services, administration, statistical analysis, assessing financial standing, recovery and collection of debts, dealing with regulatory and compliance issues, transfer of the OpenExchange, Inc. business, security messages, processing payments, sending you receipts of Transactions) we rely on the lawful basis of having a contractual relationship with you.

Consent

When we process your information to communicate with you (including notifying you of our promotions, newsletters, operational emails about updates, outages, changes to service; targeted advertising and marketing of services), we rely on the lawful basis of consent to process your Personal Data and we are committed to obtaining that consent in a legitimate way.

Your consent can be provided orally through an authorized representative and is provided by you directly when you purchase a subscription plan or sign a contract, or through the use of our service. You will be asked specifically if you would like to opt into each of these communications and you can choose whether to receive some, all or none of these communications. Operational emails are required in order to keep you current on any changes with our system; operational emails are rarely sent.

You will always have the right to remove your consent from any such processing subject to certain allowable exceptions (e.g., the Personal Data is necessary to provide the service or product, or the withdrawal of your consent would frustrate the performance of a legal obligation) (more on this below) by notifying the data protection officer at dpo@openexc.com. You will be given an opportunity to unsubscribe each time we communicate with you. Note that your decision to withhold or withdraw your consent to certain uses of Personal Data may restrict our ability to provide a particular service or product.

Subject to Data Protection Laws and GDPR compliance, we may collect, use or store Personal Data without your consent in the following limited circumstances:

As instructed by local authorities in emergency situations that threaten an individual’s life, health, or personal security such as emergency warnings for tsunami or earthquakes.

When the Personal Data is available from a public source (e.g. a telephone directory).

To protect ourselves and other users from fraud.

To investigate an anticipated breach of an agreement or a contravention of the law.

When such collection, use or disclosure of Personal Data is permitted or required by law.

Legitimate Interest

There are times when we will process your Personal Data on the lawful basis of our legitimate interest, for example when contacting you about new product offerings and conducting customer satisfaction surveys to enhance the provision of our services.  For this type of processing, we will always take into consideration the effect of such processing on your fundamental rights and freedoms, and if we believe that the communication would be an infringement on your rights, we will not proceed with that communication.

SPECIAL NOTICE REGARDING CHILDREN

Our Services are not directed to people under 16.  We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with Personal Data without the proper consent, please contact us at dpo@openexc.com and we will take steps to remove such information and terminate the account, as necessary.

 

 3. Information Processing

We only process your Personal Data where necessary to fulfill the purposes identified herein. We request information from you on our order or registration form. To buy from us, you must provide contact information (like name and shipping address) and financial information (like credit card number and expiration date). This information is used for billing purposes and to fill your orders. If we have trouble processing an order, we’ll use this information to contact you.

 

4. Information Sharing

We will never use or disclose your Personal Data for any additional purposes unless we have a lawful basis to do so.

We will not sell, rent, license or exchange your Personal Data customer lists or your Personal Data to other parties outside of OpenExchange, Inc, except as otherwise provided herein.

No Personal Data will be shared with third party advertisers or partners without your permission, except as otherwise provided herein.

We use an outside credit card processing company to bill users for goods and services. These companies do not retain, share, store or use personally identifiable information for any secondary purposes beyond filling your order.

We partner with another party to provide specific production services. When the user signs up for these services, we will share names or other contact information that is necessary for the third party to provide these services. These parties are not allowed to use personally identifiable information except for the purpose of providing these services.

Information disclosed in chat forums, blogs and the like, should they be offered on the Site, and any information that you disclose in these type of forums becomes public information, which could be read, collected or used by others to send you unsolicited messages.

The sharing of your Personal Data in the cases outlined above is required for OpenExchange, Inc. to offer you its Services and precautions (such as agreements with data security and protection clauses that are in line with GDPR and privacy laws in the United States) and are always put in place.

 

5. Cookies

Cookies are small amounts of data sent to a user’s browser from our web servers and stored on a user’s hard drive. We automatically receive and record information on our server logs from your browser including your IP address, browser type, date/time stamp, cookie information and the page you requested with referring/exit pages. We use cookies to deliver content specific to users’ interests and to keep track of usernames and passwords during user sessions. If you choose not to accept cookies, your ability to use the services might be limited. We do not link the information we store in cookies to any personally identifiable information.

 

6. Your Access to and Control Over Information

In connection with marketing promotions or other projects, we may ask you whether you have objections against a certain kind of data use or sharing. If you opt-out under such circumstances, we will respect your decision. You may opt out of any future contacts from us at any time by calling us or sending us a notice to the contact email listed. You can also do the following at any time by contacting us via the following contact email address or phone number: dpo@openexc.com, (617) 600-6280.

See what data we have about you if any.

Change/correct any data we have about you.

Have us delete any data we have about you.

Express any concern you have about our use of your data.

You can always unsubscribe or choose not to receive promotional information from us by following the specific instructions in the email you receive or by notifying us via the method above. It may take a reasonable period of time to process your request, no longer than 10 business days for e-mail promotions, and 30 days for direct mail and telephone promotions. Some communications about the service are considered part of the OpenExchange, Inc. services, which you may receive periodically unless you cancel the service. At any time, you may request your information to be exported and sent to you for review, and we promptly honor any requests by you to have your information deleted and forgotten.  Email the data protection officer at dpo@openexc.com.

 

7. Security

We take industry-standard precautions to protect your Personal Information. When you submit sensitive information via the Site, your Personal Information is protected both online and offline. Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for “https” at the beginning of the address of the web page.

While we use encryption to protect sensitive information transmitted online, we also protect your Personal Information offline. Only employees who need the Personal Information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store Personal Information are kept in a secure environment.

While these safeguards may help prevent or slow unauthorized access, maintain data accuracy, and facilitate the appropriate use of data, NO GUARANTY IS OR CAN BE MADE THAT YOUR INFORMATION IS SECURE FROM INTRUSIONS AND OR UNAUTHORIZED ACCESS BY THIRD PARTIES.

How is your information kept safe?

We continually review and update our security processes and procedures to ensure your Personal Data is protected.  Detailed security information is available and you may request a copy of OpenExchange, Inc. Security Plan by contacting the data protection officer.

 

8. Retaining your Personal Data

OpenExchange, Inc. will retain your data in accordance with Data Protection Laws and GDPR.

If you create an Account with us or use our Services, we will retain your Personal Data for only so long as is reasonably necessary to fulfill the identified purposes for which the information was collected or as required for legal purposes.

If you create an Account with us, we will retain your Personal Data as long as you have that Account.  If you choose to close your Account, we will mark your Account in our database as “Closed,” but may have to keep a certain amount of information in our database for as long as is required to comply with our legal obligations or 7 years, whichever is shortest.

 

9. Rights to your information
Access

You have the right to request access to your Personal Data and to know how OpenExchange, Inc. uses your Personal Data and to whom it has been disclosed, subject to certain limited exceptions.

You may dpo@openexc.com with a Personal Data access request and we will take all reasonable steps to assist you with any legitimate request for access. Any request to access Personal Data must be made to OpenExchange, Inc. in writing and provide sufficient detail to identify the Personal Data that you seek.

OpenExchange will make the requested information available within 30 business days or provide written notice of an extension where additional time is required to fulfill the request.  It may be the case that OpenExchange, Inc. may not be in a position to respond to a data access request. If a request is refused in full or in part, we will notify you in writing, providing the reasons for refusal and the recourse available to you.

Rectification

You have the right to make sure that the Personal Data that we have concerning you is accurate.

We make reasonable efforts to ensure that all of our users’ Personal Data is kept accurate and complete. If you are a registered user of our Services, we provide you with tools to access or modify the Personal Data you provided to us and associated with your Account. You may also request correction of your Personal Data in order to ensure its accuracy and completeness.

Any request to correct Personal Data must be made in writing and provide sufficient detail to identify the Personal Data and the correction being sought. If your Personal Data is demonstrated to be inaccurate or incomplete, we will, so far as practicable, and as soon as practicable, correct your Personal Data as required and send the corrected information to any organization to which we disclosed the Personal Data in the previous year. If the correction is not made, we will note your correction request in your file.

Erasure

You have the right to obtain from OpenExchange the erasure of Personal Data concerning you.

Any request for the erasure of Personal Data must be made in writing and provide sufficient detail to identify the Personal Data and the erasure being sought.

OpenExchange, Inc. will respond to all requests for erasure within a reasonable amount of time or provide written notice of an extension where additional time is required to fulfill the request.

In the event that you request erasure of your Personal Data, we will use commercially reasonable efforts to remove your Personal Data from our files, however, we may not be able to delete some of your Personal Data to the extent that such Personal Data is still necessary for relation to the purposes for which they were collected, or in relation to a legal obligation of OpenExchange and we may also retain, use, and share your Anonymized Data that we previously collected prior to the deletion of your Account.

Withdraw consent (when processing is based on consent)

As mentioned above, when OpenExchange is relying on consent as the lawful basis for processing your Personal Data, you may remove such consent at any time, an example of this include:

For emails, you may click on the “Unsubscribe” link in the email.

For Cookies on the Site, you can follow your browser’s instructions.

Please note that changing your consent will change our use of your Personal Data as part of the Services which may result in a change in your experience.

Lodge a complaint

You have the right to communicate with OpenExchange about any issues that you may have relating to your Personal Data.

The Data Protection Officer is responsible for ensuring OpenExchnage’s compliance with this Privacy Policy, Data Protection Laws, and GDPR.  You should direct any complaints, concerns or questions regarding compliance in writing to the Data Protection Officer at the contact information below.

 

10. Links

This Site contains links to other sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our Site and to read the privacy statements of any other site that collects personally identifiable information.

 

11. Effect of Sale of Business

Information about our clients and registrants, including Personal Information, may be disclosed as part of any merger, acquisition, or sale of OpenExchange, Inc. or its assets, as well as in the unlikely event of insolvency, bankruptcy, or receivership, in which case the Personal Information would be transferred as one of the business assets of the company.

 

12. Policy Changes

We may revise this privacy policy from time to time. If we make any material changes we will notify you by posting an announcement on the Site and or sending you an email if you have a separate agreement with us. If we are going to use your Personal Information in a different manner than that stated at the time of collection, we will notify you via email, and you will have a choice as to whether we use your information in this different manner.

 

13. Contact Us

If you have questions or concerns regarding this statement, you may contact us by phone at (617) 600-6280, sending email to, dpo@openexc.com, or by mail to:

OpenExchange, Inc.
ATTN:  Data Protection Officer
1117 E Putnam Ave #326
Riverside CT. 06878
USA

 

14. This policy is effective as of May 25, 2018.