Website & Marketing Privacy Notice

1. Introduction

EXELA Technologies as a Group of Companies (hereinafter referred to as ‘EXELA’ or/and ‘We’) takes the privacy of an individual’s data very seriously and is committed to protecting and respecting individual’s privacy. The Data Controller of your personal data is Exela Technologies B.V., Herengracht 576b, 1017 CJ  AMSTERDAM - Netherlands –Organisation no 72638974.

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation which replaced the Data Protection Regulation (Directive 95/46/EC). The GDPR aims to harmonise data protection legislation across the European Union, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.

This Privacy Notice describes how we collect, use and process your personal data through our website, with whom we might share it and how long We usually keep it. This also makes you aware of your rights under the GDPR. This Privacy Notice applies to the personal data of all users of the website.

2. What information do we collect ?

We collect, store and use some or all of the below listed personal data:

  • for general identification - name, surname, email address, phone number;
  • for professional identification - business e-mail, business telephone number, job title, employmenet history;
  • technical data - internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website;
  • usage data – includes information about how you use our website or how you interact with us such as your responses to event invitations or downloads of articles or publications;
  • marketing and communications data - includes your preferences in receiving marketing communications from us and your communication preferences.

We won’t collect, store and use any of the ‘special categories’ of personal information. We do not intentionally collect information from children under the age of 16. Any linked websites of EXELA (e.g. Talento) will have their own privacy notices, if there will a different rules of collecting and processing personal data.

3. How do we collect this data?

We collect information directly from you when you visit our website or by fill in online forms or by corresponding with us by post, phone, email, social media or otherwise. It also concerns situation when you decide to sign up for marketing communications to be sent to you.

If you fail to provide certain information when requested, We may not be able to comply with contractual obligations and perform the contract we have entered into with you (such as replying on your request), or we may be prevented from complying with our legal obligations.

When you interact with our website, we may automatically collect Technical Data and/or Usage Data, unless you have opted-out or have otherwise refused to provide consent. Following data may be used:

  • Technical Data: we may collect information about the device you use to access our website, such as your device's IP address and operating system. Additionally, in the case of mobile devices, your device type, and mobile device's unique advertising identifier . Some technical information about the browser you are using will also be collected
  • Usage Data: This is data about your browsing activity on our website e.g. information which pages you visited and when, what items were clicked on a page, how much time was spent on a page etc.;
  • Location Data: This is non-precise information related to your geography derived from your device’s IP address e.g. computer. This does not reveal your precise geographic coordinates. This helps us to display ads that are relevant to your general location e.g. if we’d like to show ads for people located in the Netherlands only;
  • Ad Data: This is data about the online ads we have served, or attempted to serve to you e.g. how many times specific ad has been served to you, what page the ad appeared on etc.

In addition, We may receive personal data from various third parties which shared with us your data like: name, surname, company name, business e-mail, business telephone number and job title. Furthermore, Technical Data from analytics and email subscription providers such as LinkedIn, Pardot, Google Analytics or Facebook can be shared with us too. If we receive such data from our third party providers and We will be considered as Data Controller, each time we will inform you from which source the personal data originate, and provide details in separate privacy notice.

We might aggregate data from different sources (both internally and externally) to have a better understanding of your preference and interests, and be able to provide you more relevant communications.

4. How do we use personal information?

We may process personal information for the following reasons:

  • send you technical notices, updates, security alerts and support and administrative messages;
  • assessment and screening of potential clients, business partners or other person with a business relationship with us;
  • respond to your comments, questions and requests and provide customer service;
  • communicate with you about products, services, offers, promotions, rewards and events offered by us;
  • monitor and analyze trends, usage and activities in connection with our Services;
  • to improve the services, website, products, online services, mobile applications and communications we provide towards you or others;
  • comply with legal obligation, protect of our interests/assets and defense of legal claims.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which we are using that allows us to do so. When required, we will ask your consent before starting among other marketing activities. Please note that even if you opt out from receiving marketing communications, you might still receive administrative, service or other important notices.

5. What legal basis do we have for processing your personal data?

As a rule our legal basis for the processing of personal data are:

  • your consent;
  • performance of a contract;
  • legal obligation; and
  • our legitimate business interest.

These legal basis have been defined in the GDPR. We describe each of these below.

Consent

Should we want or need to rely on consent to lawfully process your data, we will request your written consent for the specific activity we require consent for and record your response on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular processing at any time (as set out below).

You have the right to withdraw your consent at any time and we will cease to carry out the particular activity that you previously consented to unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose in which case we will inform you of this condition.

Performance of a contract

We will rely on performance of a contract to provide you the services and manage relationships.

Legal Obligation

We will rely on legal obligation, if we are legally required to hold information on you to fulfil our legal obligations – including where you are placed in a role in a regulated environment. This would include the requirement to obtain and hold data regarding criminal convictions.

This also concerns if EXELA would like to establish or defend it’s legal claims :

  • Sometimes it may be necessary for us to process personal data and, where appropriate and in accordance with local laws and requirements in connection with exercising or defending legal claims or in case of carrying out other EXELA’s obligations;
  • This may arise, for example; where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.

Our Legitimate Business Interests

Our legitimate business interest means processing of personal data is necessary for the to enable EXELA to conduct its business e.g.. matters related to the protection of property, employees and matters related to providing security to persons present at premises. We never override undamental rights and freedoms of our employees which require protection of personal data.

Local Legislations and Regulations

In certain cases, employment, financial (i.e. anti-money laundering) and other local legislation may require that we collect information that is considered to be ‘delicate’. In these circumstances we will ensure that only the minimum required is collected, and that it is securely stored and that it is deleted when no longer required.

Below you can find examples of legal basis per type of processing which we may undertake :

Type of processing Legal basis
Notifying you about changes to our website terms or privacy policy Performance of a contract / Legal obligation
Respond to your comments, questions and requests and provide customer service; Performance of a contract
Monitor and analyze trends on our website Legitimate interest
Communicate with you about products, services, offers, promotions, rewards and events offered by us (marketing activity) Consent
Give an option to accept or reject cookies on our website Legal obligation

6. When do we share personal data?

EXELA being an international company processes data in locations both in the EEA and outside the EEA. We share your personal information with other entities of EXELA as part of our regular reporting activities on company performance, in the context of a business reorganization or restructuring exercise, for system maintenance support and hosting of data. Several support services such as finance are centralized and located outside of the EEA. We transfer the personal information we collect about you to EXELA entities within EEA and in USA and India.

We may share your personal information with

  • different governmental authorities, institutions, agencies (or similar), or insurance companies where required by law for the purpose of their regulatory tasks; and
  • with selected third parties including:
    • Google – Advertising platform. Based in the US;
    • Facebook- Advertising platform. Based in the US;
    • Business partners who act as data processor due to outsource certain processing activities.

Where we do share your data with 3rd parties or other EXELA’s entities, the shared data will be limited to that which is required by the 3rd party or other EXELA’s entity to provide the required processing. In such cases your personal data are safeguarded by Data Processing Agreements, committing outsourced service providers to process your personal data for specified purposes and in accordance with our instructions, comply with GDPR and apply appropriate security measures to protect your personal information in line with our policies. All transfers outside EEA made to countries which are considered by the European Commission to not provide an adequate level of protection of personal information are safeguarded with agreement based on Standard Contractual Clauses approved by European Commission. We have implemented the Privacy Shield and other requirements to enable transfers to the USA where required.

As an example we have listed on table below several categories of personal data which We may share with other entities of EXELA and selected third parties:

Third Party Categories of personal data shared Comments
EXELA USA Name and last name, e-mail address, phone number, employment history, job title, social media profile IDs/links. Customer relationship data for sales and marketing poproses.
EXELA India internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website. Website updating and technical deployments.
Google & Facebook E-mail address, phone number, job title, company, geo-location (country /zip) and internet protocol (IP) address. As part of our marketing activitiy we may share data with those third parties (who will act as separate Data Controllers) to provide you our advertisement materials.

More details about sharing data can be obtained from contact point specified in point 12.

7. How do we secure personal data?

Once We have received your information, we will use strict procedures and security features to prevent unauthorised access. All information you provide to us is stored securely on our servers. We have in place the following measure to ensure that confidentiality, integrity and availability of the personal data we hold on you.

  • Facilities are in place to ensure that data is backed up in the case of accidental or deliberate loss, and that the system can be recovered with minimal interruption in case of a loss of service;
  • Access to the data is tightly controlled and only authorised users are permitted access. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality;
  • All staff are given training in the requirements of the GDPR and data security;
  • Transfer of personal data from one location to another is via secure links that use cryptography to ensure the security of the data being transferred;
  • We have in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We are avoiding personal data collection and usage in paper format. If required, the paper documents and copies will be always stored in locked-up premises with very restricted access to the limited members of staff in line with our internal policy.

8. How long do we keep your personal data for?

We understand our legal duty to retain accurate data, that’s why we will only retain your personal data as long as we have consent from you.
Regardless of the above, every 2 years we will send you a communication where we will ask you to re-authorise your consent for marketing communications, if you signed up.

If you consent to receiving our Newsletter, you revoke consent at any time by clicking the ‘unsubscribe’ button on our Newsletter communication or by contacting us at any time. All paper records will be deleted by secure shredding of the paper files electronic copies will be deleted by secure erasure in accordance with applicable laws and regulations.

Details about retention schedule can be obtained from contact point specified in point 12.

9. Your rights in relation to personal data

Under the GDPR you have the right to:

  • Request access to your personal information which involves confirming with us whether we are processing your personal data and if we are, to request access to that personal data including the categories of personal data processed, the purpose of the processing and the recipients or categories of recipients. We do have to take into account the interests of others though, so this is not an absolute right;
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected or deleted;
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. To stop receiving marketing communications from us or change your preferences please contact us local email address / contact details;
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it;
  • Request the transfer of your personal information to another party in certain formats, if practicable.
  • Withdraw consent to processing at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. To withdraw consent please contact; Local contact details with details of what information to be provided.

If you wish to exercise any of the rights set out above, please contact the Local contact with details of what information is to be provided.

  • You will not have to pay a fee to access your personal data (or to exercise any of the other rights), however, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances;
  • We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response;
  • We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated;
  • In certain circumstances we may need to limit the scope of the data subject’s rights e.g. where a request is made to delete data that has to be retained for legal or regulatory reasons, or where fulfilling the request may expose the personal data of another data subject.

10. Use of automated decision-making and profiling

We don’t undertake automated decision making, however we use profiling through our CRM systems. We do use our computer systems to search and identify personal data in accordance with parameters set by a person. A person will always be involved in the decision making process.

11. Changes to our Privacy Notice

If any changes we would make to our Privacy Notice in the future, we will inform you by placing the appriopriate information on our website.

12. How to contact us?

Questions, comments and requests regarding this Privacy Notice are welcomed and should be addressed to:

EXELA TECHNOLOGIES

Phone number: 1-844-XELATEC,

EMEA address: Herengracht 576b, 1017 CJ AMSTERDAM, The Netherlands

Email: emeamarketing@exelatech.com

You have the right to make a complaint at any time to the Local Supervisory Authority We would however, appreciate the chance to deal with your concerns before you approach the Local Supervisory Authority so we encourage you to contact us in the first instance:

Autoriteit Persoonsgegevens

Bezuidenhoutseweg 30

2594 AV DEN HAAG

+31 (0) 70-8888 500

 

13. How do we use cookies ?

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies. We use both session and persistent cookies on our website. The cookies we use and their purpose is as seen here.

we use various cookie programmes to recognise a computer when a user visits our website. Most browsers allow you to refuse to accept cookies; for example:

  • in Internet Explorer (version 11), you can block cookies using the cookie handling override settings available by clicking "Tools", "Internet Options", "Privacy" and then "Advanced";
  • in Firefox (version 47), you can block all cookies by clicking "Tools", "Options", "Privacy", selecting "Use custom settings for history" from the drop-down menu, and unticking "Accept cookies from sites"; and
  • in Chrome (version 52), you can block all cookies by accessing the "Customise and control" menu, and clicking "Settings", "Show advanced settings" and "Content settings", and then selecting "Block sites from setting any data" under the "Cookies" heading.
  • in Microsoft Edge (version 41), you can block cookies by clicking the “…” icon in the top right corner of the browser window. Towards the bottom click “Setting” then “View advanced settings. From the drop-down menu under the “Cookies” heading, select “Block all cookies”.

Blocking all cookies will have a negative impact upon the usability of our and many other websites. If you block cookies, you will not be able to use all the features on our website. You can delete cookies already stored on your computer; for example:

  • in Internet Explorer (version 11), you must manually delete cookie files (you can find instructions for doing so at http://windows.microsoft.com/en-gb/internet-explorer/delete-manage-cook…);
  • in Firefox (version 47), you can delete cookies by clicking "Tools", "Options" and "Privacy", then selecting "Use custom settings for history" from the drop-down menu, clicking "Show Cookies", and then clicking "Remove All Cookies"; and
  • in Chrome (version 52), you can delete all cookies by accessing the "Customise and control" menu, and clicking "Settings", "Show advanced settings" and "Clear browsing data", and then selecting "Cookies and other site and plug-in data" before clicking "Clear browsing data".
  • in Microsoft Edge (version 41), you can delete all cookies by selecting the “…” icon in the top right corner of the browser window. Towards the bottom click “Setting” then “Choose what to clear”. Select “Cookies and saved website data” and “Cached data and files and click on “Clear”.