Your privacy is important to us. We are Xceleration, Inc. (“Xceleration” or “we” or “us”). We post this privacy statement (the “Privacy Statement”) so that you are aware of the information we collect, how it is handled and with whom it is shared.
This Privacy Statement relates to the following websites: www.xceleration.com, and www.rewardstation.com (together, the “Xceleration Websites”), and services provided through Xceleration Websites or Xceleration-Powered Websites (collectively the “Xceleration Services”). An “Xceleration-Powered Website” means a website not owned by Xceleration, but which has a license from Xceleration to utilize certain Xceleration technologies. A “User” means any individual who has access through the use of a password to an Xceleration Website or Xceleration-Powered Website, including buyers of Xceleration Services, participants of programs provided through an Xceleration Website or Xceleration-Powered Website, and employees and agents of corporate clients and Suppliers.
Your Use of the Website Implies Your Consent
Your use of Xceleration Websites or Services signifies your acceptance of this Privacy Statement. If you do not agree or are not comfortable with any policy described in this Privacy Statement, your remedies are to discontinue your use of the relevant website or to follow instructions described elsewhere in this Privacy Statement.
Changes in this Privacy Statement
We post customer testimonials on our web sites which may contain personally identifiable information such as the customer’s name. We obtain the customer’s consent prior to posting such testimonial.
Security of Data
The security of your personal information is important to us. When you enter sensitive information (such as credit card or social security numbers) on our registration or order forms, we encrypt that information using secure socket layer technology (SSL). (To learn more about SSL, go to http://en.wikipedia.org/wiki/Secure_Sockets_Layer). When we store your information in databases or in flat files, we utilize encryption technologies to ensure extremely high levels of data protection.
We follow generally accepted industry standards to protect personal information submitted to us (both during transmission and once we receive it). No method of transmission over the Internet, or method of electronic storage, however, is 100% secure. Therefore, while we use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
Laws and Regulations
This Privacy Statement has been reviewed by legal counsel in conjunction with applicable laws and regulations, and we will use commercially reasonable efforts to monitor and update this Privacy Statement as necessary for legal compliance purposes.
We will retain personal information only as long as necessary to fulfill the purposes set forth in this Privacy Statement, or for a period specifically required by law or regulation and thereafter will be disposed of securely or made anonymous so that it cannot be indentified to any individual.
Xceleration’s specific retention policy is set at three years. After three years, all data that is not currently in use as part of an active program will be destroyed.
Privacy Incident and Breach Management
We have implemented a formal, comprehensive privacy incident and breach management program, which specifies the following: (a) Incidents and breaches are reported to a member of our breach team. (b) The Manager responsible for privacy issues and security has the overall accountability and is supported by the privacy and security steering committee(s). (c) We have a privacy breach notification policy in order to deliver notices in a timely and legal fashion. (d) Our program includes a clear escalation path. (e) Our program sets forth a process for contacting law enforcement, regulatory, or other authorities when necessary.
If you feel there has been an incident or breach please contact Xceleration at 1-888-800-4191 or email us at email@example.com
Changes Related to Privacy
We have ongoing processes in place to monitor, assess, and address the effect on privacy requirements from various changes, including but not necessarily limited to changes related to legal and regulatory environments, industry standards, contracts with third parties, business operations and processes, people assigned responsibility for privacy and security matters, and technology.
Categories of Who Is Covered in this Privacy Statement
- If you are a visitor to the portions of Xceleration Websites or an Xceleration-Powered Website that can be accessed without a password (our “Public Website”), please see the section “Public Website Privacy” with respect to data about you. We refer to you as a “Public Website Visitor”.
- If you are a User, please see the section “User Privacy” below for information on our data processing practices with respect to data about you.
- If you are a User or Public Website Visitor, and are a resident of any European Union member state or Switzerland, please also see the section “EU and Switzerland Safe Harbor and Privacy Statement” with respect to data about you in reference to the EU Safe Harbor Principles and the U.S.-Swiss Safe Harbor Framework. We refer to data relating to you as an identifiable individual as “EU or Switzerland Personal Data.”
What Is Not Covered in this Privacy Statement
We cover only our data processing practices described in this Privacy Statement. Without limitation, this Privacy Statement does not cover data that we collect offline, on businesses or legal entities or on our employees.
How You Can Contact Us
If you have questions or concerns regarding this Privacy Statement, you should first contact us by email at info@Xceleration.com. You can also write to us at Attention: Director of Technical Solutions, Xceleration Inc., 5901-A Peachtree Dunwoody Rd, Suite 400, Atlanta, GA 30328, USA. Xceleration will respond to personal information change requests within 30 days of receiving such requests.
2. Overview of Xceleration Services
2.1 Suppliers of Services to Corporate Clients
Xceleration provides access to its applications via Xceleration Websites and Xceleration-Powered Websites to suppliers of services to corporate clients (“Suppliers”). These Suppliers include travel and event reservation services, and merchandise fulfillment suppliers.
2.2 Buyers of Services for Corporate Clients
Individuals and companies (“Buyers”) use Xceleration’s technology via Xceleration Websites or Xceleration-Powered Websites on behalf of corporate clients to manage incentive programs, and to purchase services for these programs from Suppliers.
2.2 Participants of Programs Hosted by Corporate Clients
Participants (generally corporate client employees or stakeholders) use Xceleration Services when invited or registered by a corporate client to participate in a program. They do so by viewing an Xceleration-Powered Website that contains questions created by the corporate client. By responding to these questions, the participant gives the corporate client information about the participants’ activities relevant for participating in that specific program.
3. Public Website Privacy Statement
This section describes how Xceleration uses and disseminates information collected about Public Website Visitors through our Public Website; it does not cover any other data processing activities.
We Won’t Collect Any Information about Public Website Visitors.
4. User Privacy Statement
4.1 Buyers of Services for Corporate Clients
If you are a User acting as a Buyer of Services, the following terms are applicable to you:
4.1.1 General Information
- We will only use your personal information for the purposes of [(a) providing Xceleration Services; (b) facilitating communications between you and third parties; (c) our marketing activities; and (d) all credit and other financial checks in relation to any payments made by you for Xceleration Services]. Xceleration does not resell or transfer your e-mail addresses or any other personal information to third parties without your explicit permission or as allowed by law.
- The corporate clients are expected to ensure all information related to Users are collected and processed in accordance with the European and Swiss legislation regarding data protection or in accordance with the European Union – United States Safe Harbor Principles and the U.S.-Swiss Safe Harbor Framework . Corporate clients have informed Xceleration that Users have given their explicit consent to have their sensitive data processed. Xceleration may provide analysis and reports based on aggregated User data to other third parties as a natural course of doing business. These reports and analysis of aggregated data will not include individual User information or company names.
- You have a right to access personal information about you that Xceleration holds. You have the right to correct, amend, or delete that information when it is inaccurate (except when the burden or expense of providing access would be disproportionate to the risks to your privacy, or when the rights of other persons would be violated).It is your responsibility to update personal information as necessary.
- Registering to use Xceleration Services requires you to give us some contact information (like your name, phone number, street and e-mail address). We will use this contact information to send you information about our systems and Xceleration. Your contact information is also used to contact you when necessary (for example, following up on a request from you for technical support).
- You can update your records in the Xceleration system by accessing the user information administration feature in the system or by sending an email to info@Xceleration.com. You can also write to us at Attention: Director, Technical Solutions, Xceleration Inc., 5901-A Peachtree Dunwoody Rd, Suite 400, Atlanta, GA 30328, USA.
You may choose to receive special offers and other messages from Xceleration or its partners. You may, however, also choose to cease receiving such messages by updating your profile or sending an e-mail to info@Xceleration.com to change information previously provided, remove your information from our database, cancel any future communications or to cancel our service. You can also write to us at Attention: Director, Technical Solutions, Xceleration Inc., 5901-A Peachtree Dunwoody Rd, Suite 400, Atlanta, GA 30328, USA.
4.2 Participants of Programs Hosted by Corporate Clients
If you are a participant using Xceleration Services to register for a program hosted by a corporate client, the following terms are applicable to you:
4.2.1 General Information
- Your personal information and other pertinent information will be collected when you register for a program on an [Xceleration-Powered Website [or] Xceleration Website]. Any information that you provide will be stored on a system managed by Xceleration.
- The information you provide is the property of the corporate clients to whom you have provided the information. The corporate client is regarded as the Data Controller.
- All such personal information is completely accessible to the respective corporate client and its agents. Each Xceleration corporate client has it own privacy statement. By providing your personal information to Xceleration for use by a corporate client or a Supplier (e.g. to make reservations with a particular hotel, or order an award to be shipped to your home address) you consent to Xceleration providing a copy of your personal information to that corporate client or Supplier for collection, processing and any further transfer in accordance with the privacy statement (if any) of that corporate client or Supplier. Xceleration in not responsible for any actions of corporate clients or Suppliers.
Xceleration corporate clients may use various methods for allowing you to choose to receive or cease receiving messages, depending upon the individual corporate client’s needs and the requirements for each specific program. Corporate clients may include in their registration web site a question about not receiving messages, use an unsubscribe email reply option, or use other means in which removal from the invitee or participant list is an option. Xceleration does not sell or distribute data to any third party (other than to the applicable corporate clients and Suppliers) except as authorized under this policy.
5. EU and Switzerland Safe Harbor Privacy Statement
5.1 General Information
This section describe how Xceleration collects, uses, and disclose EU and Swiss Personal Data, which is certain personally identifiable information that Xceleration receives in the United States about individuals resident in the European Union (the “EU”) and Switzerland. It supplements and supersedes any similar provision above, but only with regards to individuals resident in the European Union or Switzerland. Xceleration complies with the US-EU and US-Swiss Safe Harbor Privacy Principles as set forth by the U.S. Department of Commerce (“the Principles”), with respect to the collection, use, and retention of data from the EU and Switzerland.
Xceleration complies with the US-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Xceleration has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view our certification page, please visit http://www.export.gov/safeharbor
Xceleration has further committed to refer unresolved privacy complaints under the US-EU Safe Harbor Principlesand the and the U.S.-Swiss Safe Harbor Framework to an independent dispute resolution mechanism, the BBB EU SAFE HARBOR, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Xceleration please visit the BBB EU SAFE HARBOR web site athttp://www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.
5.2 Definitions used in this EU and Swiss Safe Harbor Privacy Statement “Adequate” or “adequacy” has the meaning ascribed in the EU Directive on Data Processing 95/46/EC.
“Data Controller” means the controller who transfers Personal Data as defined by the EU Directive on Data Processing 95/46/EC
“Personal Data” means data that is (a) transferred to the United States from the EU or Switzerland, (b) is about, or relates to, an identified or identifiable individual, (c) can be linked to that individual, and (d) is recorded. Personal data may include, among other things, an individual’s name, address, phone number, e-mail address, social security or national health insurance or an equivalent number. For further clarity, the term “Personal Data” does not include data that pertains to a specific individual, but from which that individual cannot reasonably be identified. Unless otherwise indicated, references herein to Personal Data include sensitive Personal Data (as defined below).
“Sensitive Personal Data” means data that is a subset of Personal Data that indicates an individual’s medical or health condition, racial or ethnic origin, political opinions, religion, union membership, sexual orientation, or actual or alleged criminal activity.
“Users” has the meaning set out above and, for the matters in this Section, also includes Public Website Visitors.
Xceleration collects Personal Data from and about individuals via Xceleration Websites and Xceleration-Powered Websites for the purposes of [(a) providing Xceleration Services; (b) facilitating communications between you and third parties; (c) our marketing activities; and (d) all credit and other financial checks in relation to any payments made by them for Xceleration Services].
Any complaints or questions should be first sent to us by email at info@Xceleration.com. Users can also write to us at Attention: Director, Technical Solutions, Xceleration Inc., 5901-A Peachtree Dunwoody Rd, Suite 400, Atlanta, GA 30328, USA. Xceleration will respond to personal information change requests within 30 days of receiving such requests.
When Xceleration receives Personal Data from the EU or Switzerland merely for processing purposes in the United States and does not control the collection of the Personal Data, Xceleration may not provide notification of this EU and Swiss Safe Harbor Privacy Statement to the Users to which such Personal Data relates. In such event, Xceleration reserves the right to process Personal Data in the course of providing Xceleration Services to Buyers, Suppliers or other of its clients or otherwise for Xceleration’s operation of its business without the knowledge of the Users involved.
Except as provided below, Xceleration gives Users from whom it collects Personal Data the opportunity to choose not to allow Xceleration to disclose his or her Personal Data to a third party or to use it for a purpose incompatible with the purpose for which it was originally collected (the “opt-out” rights). For Sensitive Personal Data, Xceleration requires such User to affirmatively choose to allow for the data is to be disclosed to a third party or used for a purpose other than its original purpose (the “opt-in” choice).
Users desiring to exercise their opt-out rights should first contact us by email at info@Xceleration.com. Users can also write to us at Attention: Director, Technical Solutions, Xceleration Inc., 5901-A Peachtree Dunwoody Rd, Suite 400, Atlanta, GA 30328, USA.
When Xceleration receives Personal Data merely for processing purposes in the United States and does not control the collection of the Personal Data, Xceleration may not provide such choices to the Users to whom such Personal Data relates.
5.5 Onward Transfer to Third Parties
Xceleration may disclose Personal Data to a third party if (a) Xceleration has received the applicable User’s permission to make the disclosure, (b) the disclosure is necessary to meet national security, public interest, or law enforcement requirements, (c) allowed by a law that creates conflicting obligations for Xceleration or that explicitly authorizes disclosure (except that we will limit such disclosure to the extent necessary), or (d) the Principals allow for other exceptions provided that it is applied to other Users equally.
Xceleration takes security measures designed to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These measures include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures designed to guard against unauthorized access to systems where we store Personal Data.
Xceleration restricts access to Personal Data internally to Xceleration agents and partners who need to know that information in order to operate, develop or improve our services. These parties are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
5.7 Data Integrity
Xceleration takes reasonable steps to ensure that Personal Data is reliable, accurate, complete, current and relevant for the purposes for which it was collected.
Consistent with any applicable client commitments, Xceleration will permit Users upon their request to access their Personal Data and correct any erroneous information. The User may need to provide sufficient identifying information, such as name, address, birth date, and social security or national health insurance or an equivalent number. Such access may be denied or limited by Xceleration if providing such access is unreasonably burdensome, expensive under the circumstances, or if in giving such access would violate another person’s rights. In some circumstances, Xceleration may charge a reasonable fee for access to Personal Data. Users can contact the Xceleration customer services team at firstname.lastname@example.org to request access to change personal information.
Xceleration will conduct an annual self-assessment to ensure that this Statement is published and disseminated within Xceleration and on its website and that it conforms to the Principles. In addition, Xceleration has deployed internal processes to monitor Xceleration’s compliance with the Principles and to address all questions or complaints. Xceleration will also self-certify annually with the U.S. Department of Commerce as being in compliance with the Principles. [Xceleration participates in The Council of Better Business Bureau’s (the “Independent Monitor”) EU and Switzerland Safe Harbor Privacy Dispute Resolution Procedure.]
Xceleration has further committed to refer unresolved privacy complaints under the US-EU and US-Swiss Safe Harbor Principles to an independent dispute resolution mechanism, the BBB EU SAFE HARBOR, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Xceleration, please visit the BBB EU SAFE HARBOR web site at http://www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.
What If You Do Not Get A Satisfactory Response?
We will try our best to see that you will always get a satisfactory response from us. As part of this effort, we also offer recourse to contact the Independent Monitor, an independent, nonprofit organization dedicated to enabling individuals and organizations to establish trusting relationships based on respect for personal identity and information in the evolving networked world. Xceleration is a licensee of the Independent Monitor Privacy Program. If Users do not get a satisfactory response from us and have to use Independent Monitor, then the Independent Monitor will have the ability to sanction us under our agreement with them. These sanctions include the possibility of publicly disclosing our violations, deletion of data from our system, injunctive orders and suspension from participation in the U.S. Safe Harbor program. Additionally, if we fail to comply with the sanctions imposed on us by Better Business Bureau, then we would fall under the jurisdiction of the U.S. Federal Trade Commission Act for possible deceptive trade actions.
This EU and Swiss Safe Harbor Privacy Statement covers the Xceleration Websites. The Independent Monitor’s certification covers the gathering and dissemination of information described in this EU and Swiss Safe Harbor Privacy Statement, but not any of our other data processing practices.