Privacy Policy


Murray Gray in Getting Started

Mar 17, 2023 - 9 min read. Available on all plans.

This Privacy Policy describes how https://xperiencify.com/ collects, uses, and discloses your Personal Information when you visit our website, in accordance with Article 13 of the GDPR.

Contact

After reviewing this policy, if you have additional questions, want more information about our privacy practices, or would like to make a complaint, please contact us by e-mail at [email protected] or by mail using the details provided below:

Xperiencify
3571 Far West Blvd #3355
Austin, TX 78731

Collecting Personal Information

When you access the Site, we automatically gather certain data about your device and your interaction with the Site. Additionally, if you contact us for a particular purpose, we may obtain additional information from you. In this Privacy Policy, we use the term "Personal Information" to refer to any information that can identify an individual, including the data listed below. Your personal data is shared solely with https://xperiencify.com. It is necessary to provide this information to enable us to deliver the services outlined in the table below. Failure to provide the requested information may result in us being unable to provide the services described in the chart. Please refer to the list below for further details on the type of Personal Information that we collect and the reasons for doing so.

| Source | Personal data | Reason | Legal basis | Retention period |
| --- | --- | --- | --- | --- |
| BROWSING ON THE WEBSITE | Cookies; IP address; Logs | Browsing the website; improve stability and functionality of the website; security purpose | Legitimate interest; Consent; Contract; Law obligation | Until the data is no longer needed, or the consent is revoked |
| CONTACT FORM | Name; Email address | Contact the support for information | Contract (precontractual) | Until the contact procedure is completed |
| REGISTERING FORM | First name; Last name; Email | Registering to the website and services | Contract | When the account is closed; after one year without any login from the user |
| LOGIN | Email; Password (no PII) | Login into the account | Contract | When the account is closed; after one year without any login from the user |
| CHAT | Name; Email; Address | Ask questions live | Consent | Until the information is no longer needed |
| FORGOT PASSWORD | Email | Receive password reset link | Contract | Until the information is no longer needed; when the account is closed; one year without any login from the user |

Minors

Our Site is designed for individuals who are 18 years old or older. We do not knowingly collect Personal Information from children. If you are a parent or legal guardian and you believe that your child has provided Personal Information to us, please contact us at the address provided above to request that the information be deleted.

Lawful basis

If you are a resident of the European Economic Area (EEA), we process your personal information in accordance with the General Data Protection Regulation (GDPR). The GDPR specifies certain lawful bases under which we can process your personal information, which are as follows:

• The performance of the contract between you and the Site;
• Consent;
• Compliance with our legal obligations.

Retention

In compliance with the GDPR's "storage limitation principle," we ensure that we do not retain your data beyond the necessary duration required for the processing purpose. This may include:

• When the data is no longer needed for the purpose

• When the data subject has revoked the consent

• When the account is closed

• After one year without any connection on the website

Transfers outside the EU

Your Personal Information will be initially processed on a secure server hosted by Amazon in Walnut, USA. Cloudflare is used solely for CDN purposes and is compliant with EU GDPR guidelines by utilizing Standard Contractual Clauses and additional technical and organizational measures as a lawful basis. Further information on their compliance can be found on their website at the following links:

https://www.cloudflare.com/gdpr/introduction/
https://www.cloudflare.com/cloudflare-customer-dpa/
https://www.cloudflare.com/cloudflare-customer-scc/

AWS also follows GDPR guidelines and uses a DPA with SCC for Controllers and Processors, as well as additional technical and organizational measures as a lawful basis. More information on their compliance can be found at the following links:

https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf
https://d1.awsstatic.com/Controller_to_Processor_SCCs.pdf
https://d1.awsstatic.com/Processor_to_Processor_SCCs.pdf

Security measures

At Xperiencify, we take security seriously and have implemented various measures to ensure the safety of our systems and the data of our clients. Our website is hosted on a secure server provided by AWS, and we have also implemented additional security features directly on AWS servers, including VPC, IAM, Security groups, and Network ACL. In addition, we use HTTPS connections to encrypt data in transit, conduct regular security audits, and perform frequent updates to identify and fix any new vulnerabilities.

We also use Cloudflare as a content delivery network (CDN), but only for CDN purposes. Cloudflare uses Standard Contractual Clauses (SCCs) and additional technical and organizational measures as a lawful basis for complying with the EU GDPR guidelines. You can find more information on their GDPR compliance on their website:

https://www.cloudflare.com/gdpr/introduction/
https://www.cloudflare.com/cloudflare-customer-dpa/
https://www.cloudflare.com/cloudflare-customer-scc/

AWS also uses SCCs and additional technical and organizational measures as a lawful basis for complying with the EU GDPR guidelines. You can find more information on their GDPR compliance on their website:

https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf
https://d1.awsstatic.com/Controller_to_Processor_SCCs.pdf
https://d1.awsstatic.com/Processor_to_Processor_SCCs.pdf

Please note that the United States of America does not have an adequacy decision from the European Commission. However, we ensure that appropriate safeguards, such as the SCCs, are in place to protect the personal data of our clients who are located in the European Economic Area (EEA).

Your rights

• The Right to Information.

• The Right of Access.

• The Right to Rectification.

• The Right to Erasure.

• The Right to Restriction of Processing.

• The Right to Data Portability.

• The Right to Object.

• The Right to Avoid Automated Decisionmaking.

• The Right to Information; you have the right to request information about the personal data we hold. You have the right to be informed of how your personal data is processed.

• The Right of Access; (Article 15, Recitals 63 & 64 GDPR) The General Data Protection Regulation (GDPR), under Article 15, gives individuals the right to request a copy of any of their personal data which are being ‘processed’ (i.e. used in any way) by ‘controllers’ (i.e. those who decide how and why data are processed), as well as other relevant information (as detailed below). These requests are often referred to as ‘data subject access requests’ or ‘access requests’.

• The Right to Rectification; (Articles 16 & 19 of the GDPR)

If your personal data is inaccurate, you have the right to have the data rectified, by the controller, without undue delay. If your personal data is incomplete, you have the right to have data completed, including by means of providing supplementary information. The right of rectification is restricted in certain circumstances under Section 60 of the Data Protection Act 2018, which provides for restrictions that are necessary for important objectives of public interest, and by Section 43 of the Act which seeks to balance the right of rectification with the right of freedom of expression and information.

• The Right to Erasure; (Articles 17 & 19 of the GDPR)

This is also known as the ‘right to be forgotten’.

You have the right to have your data erased, without undue delay, by the data controller, if one of the following grounds applies:

Where your personal data are no longer necessary in relation to the purpose for which it was collected or processed.

Where you withdraw your consent to the processing and there is no other lawful basis for processing the data.

Where you object to the processing and there are no overriding legitimate grounds for continuing the processing (see point 6 below).

Where you object to the processing and your personal data are being processed for direct marketing purposes (see point 6 below).

Where your personal data have been unlawfully processed.

Where your personal data have to be erased in order to comply with a legal obligation.

Where your personal data have been collected in relation to the offer of information society services (e.g. social media) to a child.

• The Right to Restriction of Processing; (Article 18 of the GDPR)

You have a limited right of restriction of processing of your personal data by a data controller. Where the processing of your data is restricted, it can be stored by the data controller, but most other processing actions, such as deletion, will require your permission.

• The Right to Data Portability; (Article 20 of the GDPR)

In some circumstances, you may be entitled to obtain your personal data from a data controller in a format that makes it easier to reuse your information in another context and to transmit this data to another data controller of your choosing without hindrance. This is referred to as the right to data portability.

• The Right to Object; (Article 21 of the GDPR)

When do you have a right to object?

You have the right to object to certain types of processing of your personal data where this processing is carried out in connection with tasks in the public interest, under official authority, or in the legitimate interests of others.

You have a stronger right to object to the processing of your personal data where the processing relates to direct marketing. Where a data controller is using your personal data for the purpose of marketing something directly to you or profiling you for direct marketing purposes, you can object at any time, and the data controller must stop processing as soon as they receive your objection. You may also object to the processing of your personal data for research purposes unless the processing is necessary for the performance of a task carried out in the public interest.

• The Right to Avoid Automated Decisionmaking; (Article 22 of the GDPR)

You have the right to not be subject to a decision based solely on automated processing. Processing is “automated” where it is carried out without human intervention and where it produces legal effects or significantly affects you. Automated processing includes profiling.

• In accordance with the UK and EU GDPR, you also have the right to lodge a complaint with the Data Protection Authority.

English-speaking people can contact the ICO, which is the English authority for the protection of personal data.

The Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow - Cheshire SK9 5AF
Tel. +44 1625 545 745
e-mail: [email protected]
Website: https://ico.org.uk

