Xceleration Privacy Policy

1. Introduction

Your privacy is important to us. We are Xceleration Partners, LLC (“Xceleration” or “we” or “us”). We post this privacy statement (the “Privacy Statement”) so that you are aware of the information we collect, how it is handled and with whom it is shared.

This Privacy Statement relates to the following websites:  www.xceleration.com, and www.rewardstation.com (together, the “Xceleration Websites”), and services provided through Xceleration Websites or Xceleration-Powered Websites (collectively the “Xceleration Services”).  An “Xceleration-Powered Website” means a website not owned by Xceleration, but which has a license from Xceleration to utilize certain Xceleration technologies. A “User” means any individual who has access through the use of a password to an Xceleration Website or Xceleration-Powered Website, including buyers of Xceleration Services, participants of programs provided through an Xceleration Website or Xceleration-Powered Website, and employees and agents of corporate clients and Suppliers.

Your Use of the Website Implies Your Consent

Your use of Xceleration Websites or Services signifies your acceptance of this Privacy Statement.  If you do not agree or are not comfortable with any policy described in this Privacy Statement, your remedies are to discontinue your use of the relevant website or to follow instructions described elsewhere in this Privacy Statement.

Changes in this Privacy Statement    

We reserve the right to modify this privacy statement at any time, so please review it frequently. If we make material changes to this policy or use of your personal information, we will notify you within this Privacy Policy and by means of notification on our home page, your program website, another appropriate place or by email.

Testimonials

We post customer testimonials on our web sites, which may contain personally identifiable information such as the customer’s name.  We obtain the customer’s consent prior to posting such testimonial.

Security of Data

The security of your personal information is important to us.  When you enter sensitive information (such as credit card or social security numbers) on our registration or order forms, we encrypt that information using secure socket layer technology (SSL). (To learn more about SSL, go to http://en.wikipedia.org/wiki/Secure_Sockets_Layer). When we store your information in databases or in flat files, we utilize encryption technologies to ensure extremely high levels of data protection.

We follow generally accepted industry standards to protect personal information submitted to us (both during transmission and once we receive it). No method of transmission over the Internet, or method of electronic storage, however, is 100% secure. Therefore, while we use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. 

Laws and Regulations

This Privacy Statement has been reviewed by legal counsel in conjunction with applicable laws and regulations, and we will use commercially reasonable efforts to monitor and update this Privacy Statement as necessary for legal compliance purposes.

Retention Policy

We will retain personal information only as long as necessary to fulfill the purposes set forth in this Privacy Statement, or for a period specifically required by law or regulation and thereafter will be disposed of securely or made anonymous so that it cannot be identified to any individual.

Xceleration’s specific retention policy is set at three years.  After three years, all data that is not currently in use as part of an active program will be destroyed.

Privacy Incident and Breach Management

We have implemented a formal, comprehensive privacy incident and breach management program, which specifies the following: (a) Incidents and breaches are reported to a member of our breach team. (b) The Manager responsible for privacy issues and security has the overall accountability and is supported by the privacy and security steering committee(s). (c) We have a privacy breach notification policy in order to deliver notices in a timely and legal fashion. (d) Our program includes a clear escalation path. (e) Our program sets forth a process for contacting law enforcement, regulatory, or other authorities when necessary.

If you feel there has been an incident or breach please contact Xceleration at 1-888-800-4191 or email us at info@xceleration.com (put “Privacy Compliance” in subject line).

Changes Related to Privacy

We have ongoing processes in place to monitor, assess, and address the effect on privacy requirements from various changes, including but not necessarily limited to changes related to legal and regulatory environments, industry standards, contracts with third parties, business operations and processes, people assigned responsibility for privacy and security matters, and technology.

Categories of Who Is Covered in this Privacy Statement

  • If you are a visitor to the portions of Xceleration Websites or an Xceleration-Powered Website that can be accessed without a password (our “Public Website”), please see the section “Public Website Privacy” with respect to data about you. We refer to you as a “Public Website Visitor”.
  • If you are a User, please see the section “User Privacy” below for information on our data processing practices with respect to data about you.
  • If you are a User or Public Website Visitor, and are a resident of any European Union member state or Switzerland, please also see Section 5., “EU and Switzerland Privacy Statement”, with respect to data about you in reference to the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework. We refer to data relating to you as an identifiable individual as “EU or Swiss Personal Data.”

What Is Not Covered in this Privacy Statement

We cover only our data processing practices described in this Privacy Statement. Without limitation, this Privacy Statement does not cover data that we collect offline, on businesses or legal entities or on our employees. 

How You Can Contact Us

If you have questions or concerns regarding this Privacy Statement, you should first contact us by email at info@Xceleration.com (put “Privacy Compliance” in subject line).  You can also write to us at Attention: Privacy Officer, Xceleration Partners, LLC, 5901-A Peachtree Dunwoody Rd, Suite 200, Atlanta, GA 30328, USA. Xceleration will respond to personal information change requests within 30 days of receiving such requests.

 

2. Overview of Xceleration Services

2.1 Suppliers of Services to Corporate Clients

Xceleration provides access to its applications via Xceleration Websites and Xceleration-Powered Websites to suppliers of services to corporate clients (“Suppliers”). These Suppliers include travel and event reservation services, and merchandise fulfillment suppliers.  Any such service providers are required by contract to implement privacy and security safeguards consistent with this policy, including the EU-US Privacy Shield and the Swiss-US Privacy Shield.

2.2 Buyers of Services for Corporate Clients

Individuals and companies (“Buyers”) use Xceleration’s technology via Xceleration Websites or Xceleration-Powered Websites on behalf of corporate clients to manage incentive programs, and to purchase services for these programs from Suppliers.

2.2 Participants of Programs Hosted by Corporate Clients

Participants (generally corporate client employees or stakeholders) use Xceleration Services when invited or registered by a corporate client to participate in a program. They do so by viewing an Xceleration-Powered Website that contains questions created by the corporate client. By responding to these questions, the participant gives the corporate client information about the participants’ activities relevant for participating in that specific program.

 

3. Public Website Privacy Statement

This section describes how Xceleration uses and disseminates information collected about Public Website Visitors through our Public Website; it does not cover any other data processing activities.

We Won’t Collect Any Information about Public Website Visitors.

We use cookies and various traffic tracking technologies to monitor the use of our Public Websites. We collect such data related to Internet Protocol (“IP”) addresses, browser type, and cookies, but do not link it to any personally identifiable information (such as names and email addresses) that you may submit to us through other means.

Use of Cookies.

A “cookie” is a small text file containing information that a web browser transfers to your computer’s hard disk for record-keeping purposes. On the Public Websites, we may use cookies to analyze our site traffic patterns, but, except as described above, we link cookies only to IP addresses and not any personally identifiable information about Public Website Visitors.


 4. User Privacy Statement

4.1 Buyers of Services for Corporate Clients

If you are a User acting as a Buyer of Services, the following terms are applicable to you:

4.1.1 General Information

  • We will only use your personal information for the purposes of [(a) providing Xceleration Services; (b) facilitating communications between you and third parties; (c) our marketing activities; and (d) all credit and other financial checks in relation to any payments made by you for Xceleration Services]. Xceleration does not resell or transfer your e-mail addresses or any other personal information to third parties without your explicit permission or as allowed by law.
  • The corporate clients are expected to ensure all information related to Users are collected and processed in accordance with the European and Swiss legislation regarding data protection or in accordance with the European Union – United States (EU-US) Privacy Shield Framework and the Swiss-US Privacy Shield Framework.  Corporate clients have informed Xceleration that Users have given their explicit consent to have their sensitive data processed. Xceleration may provide analysis and reports based on aggregated User data to other third parties as a natural course of doing business. These reports and analysis of aggregated data will not include individual User information or company names.
  • You have a right to access personal information about you that Xceleration holds. You have the right to correct, amend, or delete that information when it is inaccurate (except when the burden or expense of providing access would be disproportionate to the risks to your privacy, or when the rights of other persons would be violated). It is your responsibility to update personal information as necessary.
  • Registering to use Xceleration Services requires you to give us some contact information (like your name, phone number, street and e-mail address).  We will use this contact information to send you information about our systems and Xceleration. Your contact information is also used to contact you when necessary (for example, following up on a request from you for technical support).
  • You can update your records in the Xceleration system by accessing the user information administration feature in the system or by sending an email to info@Xceleration.com (put “Update Records” in the subject line). You can also write to us at Attention: Privacy Officer, Xceleration Partners, LLC,, 5901-A Peachtree Dunwoody Rd, Suite 200, Atlanta, GA 30328, USA.

4.1.2 Communications

You may choose to receive special offers and other messages from Xceleration or its partners.  You may, however, also choose to cease receiving such messages by updating your profile or sending an e-mail to info@Xceleration.com (put “Privacy Compliance” in subject line) to change information previously provided, remove your information from our database, cancel any future communications or to cancel our service. You can also write to us at Attention: Privacy Officer, Xceleration Partners, LLC, 5901-A Peachtree Dunwoody Rd, Suite 200, Atlanta, GA 30328, USA.
4.2 Participants of Programs Hosted by Corporate Clients

If you are a participant using Xceleration Services to register for a program hosted by a corporate client, the following terms are applicable to you:
4.2.1 General Information

  • Your personal information and other pertinent information will be collected when you register for a program on an [Xceleration-Powered Website [or] Xceleration Website]. Any information that you provide will be stored on a system managed by Xceleration.
  • The information you provide is the property of the corporate clients to whom you have provided the information. The corporate client is regarded as the Data Controller.

All such personal information is completely accessible to the respective corporate client and its agents.  Each Xceleration corporate client has it own privacy statement.  By providing your personal information to Xceleration for use by a corporate client or a Supplier (e.g. to make reservations with a particular hotel, or order an award to be shipped to your home address) you consent to Xceleration providing a copy of your personal information to that corporate client or Supplier for collection, processing and any further transfer in accordance with the privacy statement (if any) of that corporate client or Supplier.  Xceleration in not responsible for any actions of corporate clients or Suppliers; however, Suppliers are required by contract to implement privacy and security safeguards consistent with this policy, including the EU-US Privacy Shield and the Swiss-US Privacy Shield.

4.2.2 Communications

Xceleration corporate clients may use various methods for allowing you to choose to receive or cease receiving messages, depending upon the individual corporate client’s needs and the requirements for each specific program. Corporate clients may include in their registration web site a question about not receiving messages, use an unsubscribe email reply option, or use other means in which removal from the invitee or participant list is an option.  Xceleration does not sell or distribute data to any third party (other than to the applicable corporate clients and Suppliers) except as authorized under this policy.

 

5. EU and Switzerland Privacy Statement

5.1 General Information
This section describes how Xceleration collects, uses, and disclose EU and Swiss Personal Data, which is certain personally identifiable information that Xceleration receives in the United States about individuals resident in the European Union (the “EU”) and Switzerland.   It supplements and supersedes any similar provision above, but only with regards to individuals resident in the European Union or Switzerland.  Xceleration complies with the EU-US Privacy Shield and Swiss-US Privacy Shield Principles as set forth by the U.S. Department of Commerce (“the Principles”), with respect to the collection, use, and retention of data from the EU and Switzerland.

Xceleration complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland with respect to personal information that we receive from our corporate clients.  Xceleration has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.  If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

5.2 Definitions used in this EU and Switzerland Privacy Statement:

“Adequate” or “adequacy” has the meaning ascribed in the EU Directive on Data Processing 95/46/EC.

“Data Controller” means the controller who transfers Personal Data as defined by the EU Directive on Data Processing 95/46/EC

“Personal Data” means data that is (a) transferred to the United States from the EU or Switzerland, (b) is about, or relates to, an identified or identifiable individual, (c) can be linked to that individual, and (d) is recorded. Personal data may include, among other things, an individual’s name, address, phone number, e-mail address, social security or national health insurance or an equivalent number. For further clarity, the term “Personal Data” does not include data that pertains to a specific individual, but from which that individual cannot reasonably be identified. Unless otherwise indicated, references herein to Personal Data include sensitive Personal Data (as defined below).

“Sensitive Personal Data” means data that is a subset of Personal Data that indicates an individual’s medical or health condition, racial or ethnic origin, political opinions, religion, union membership, sexual orientation, or actual or alleged criminal activity.

“Users” has the meaning set out above and, for the matters in this Section, also includes Public Website Visitors.

5.3 Notice

Xceleration collects Personal Data from and about individuals via Xceleration Websites and Xceleration-Powered Websites for the purposes of [(a) providing Xceleration Services; (b) facilitating communications between you and third parties; (c) our marketing activities; and (d) all credit and other financial checks in relation to any payments made by them for Xceleration Services].

Any complaints or questions should be first sent to us by email at info@Xceleration.com (put “Privacy Compliance” in subject line).  Users can also write to us at Attention: Privacy Officer, Xceleration Partners, LLC, 5901-A Peachtree Dunwoody Rd, Suite 200, Atlanta, GA 30328, USA. Xceleration will respond to personal information change requests within 30 days of receiving such requests.

When Xceleration receives Personal Data from the EU or Switzerland merely for processing purposes in the United States and does not control the collection of the Personal Data, Xceleration may not provide notification of this EU and Switzerland Privacy Statement to the Users to which such Personal Data relates. In such event, Xceleration reserves the right to process Personal Data in the course of providing Xceleration Services to Buyers, Suppliers or other of its clients or otherwise for Xceleration’s operation of its business without the knowledge of the Users involved.

5.4 Choice

Except as provided below, Xceleration gives Users from whom it collects Personal Data the opportunity to choose not to allow Xceleration to disclose his or her Personal Data to a third party or to use it for a purpose incompatible with the purpose for which it was originally collected (the “opt-out” rights). For Sensitive Personal Data, Xceleration requires such User to affirmatively choose to allow for the data is to be disclosed to a third party or used for a purpose other than its original purpose (the “opt-in” choice).

Users desiring to exercise their opt-out rights should first contact us by email at info@Xceleration.com (put “Privacy Compliance” in subject line). Users can also write to us at Attention: Privacy Officer, Xceleration Partners, LLC, 5901-A Peachtree Dunwoody Rd, Suite 200, Atlanta, GA 30328, USA.

When Xceleration receives Personal Data merely for processing purposes in the United States and does not control the collection of the Personal Data, Xceleration may not provide such choices to the Users to whom such Personal Data relates.

5.5 Accountability for Onward Transfer to Third Parties

Xceleration may disclose Personal Data to a third party if (a) Xceleration has received the applicable User’s permission to make the disclosure, (b) the disclosure is required in response to a lawful request by public authorities, including to meet national security or law enforcement requirements, (c) allowed by a law that creates conflicting obligations for Xceleration or that explicitly authorizes disclosure (except that we will limit such disclosure to the extent necessary), or (d) the Principals allow for other exceptions provided that it is applied to other Users equally.

In cases of onward transfer to third parties of data of EU and Swiss individuals received pursuant to the EU-US and Swiss-US  Privacy Shield Frameworks, Xceleration is potentially liable.

5.6 Security

Xceleration takes security measures designed to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These measures include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures designed to guard against unauthorized access to systems where we store Personal Data.

Xceleration restricts access to Personal Data internally to Xceleration agents and partners who need to know that information in order to operate, develop or improve our services. These parties are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.

5.7 Data Integrity and Purpose Limitation

Xceleration takes reasonable steps to ensure that Personal Data is reliable, accurate, complete, current and relevant for the purposes for which it was collected.

5.8 Access

Xceleration acknowledges that EU and Swiss individuals have the right to access the personal data that we maintain about them.  Consistent with any applicable client commitments, Xceleration will permit Users upon their request to access their Personal Data and correct any erroneous information. The User may need to provide sufficient identifying information, such as name, address, birth date, and social security or national health insurance or an equivalent number. Such access may be denied or limited by Xceleration if providing such access is unreasonably burdensome, expensive under the circumstances, or if in giving such access would violate another person’s rights. In some circumstances, Xceleration may charge a reasonable fee for access to Personal Data. Users can contact the Xceleration customer services team at support@rewardstation.com to request access to change or delete personal information.

5.9 Recourse, Enforcement, and Liability

Xceleration will conduct an annual self-assessment to ensure that this Statement is published and disseminated within Xceleration and on its website and that it conforms to the Principles. In addition, Xceleration has deployed internal processes to monitor Xceleration’s compliance with the Principles and to address all questions or complaints. Xceleration will also self-certify annually with the U.S. Department of Commerce as being in compliance with the Principles. [Xceleration participates in The Council of Better Business Bureau’s (the “Independent Monitor”) EU and Switzerland Privacy Dispute Resolution Procedures.]

In compliance with the EU-US and Swiss-US Privacy Shield Principles, Xceleration commits to resolve complaints about your privacy and our collection or use of your personal information.  European Union or Swiss individuals with inquiries or complaints regarding this Privacy Policy should first contact Xceleration at info@xceleration.com (put “Privacy Compliance” in subject line). Users can also write to us at Attention: Privacy Officer, Xceleration Partners, LLC, 5901-A Peachtree Dunwoody Rd, Suite 200, Atlanta, GA 30328, USA. If a User raises such a concern or complaint, Xceleration will investigate the matter and attempt to resolve all issues to the satisfaction of the individual raising the concern or complaint.

5.9.1 Unresolved Privacy Complaints

Xceleration has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if Xceleration does not satisfactorily address your complaint, please visit the BBB EU PRIVACY SHIELD web site at http://www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

Under certain limited conditions, individuals may invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission.

If your complaint is not satisfactorily addressed, and your inquiry or complaint involves human resource data transferred from the EU in the context of the employment relationship, you may have your complaint considered by an independent recourse mechanism: for EU/EEA Data Subjects, a panel established by the EU data protection authorities (“DPA Panel”), and for Swiss Data Subjects, the Swiss Federal Data Protection and Information Commissioner (“FDPIC”). To do so, you should contact the state or national data protection or labor authority in the jurisdiction where you work.  Xceleration agrees to cooperate with the relevant national DPAs and to comply with the decisions of the DPA Panel and the FDPIC.

What If You Do Not Get A Satisfactory Response?

We will try our best to see that you will always get a satisfactory response from us. As part of this effort, we also offer recourse to contact the Independent Monitor, an independent, nonprofit organization dedicated to enabling individuals and organizations to establish trusting relationships based on respect for personal identity and information in the evolving networked world.  Xceleration is a licensee of the Independent Monitor Privacy Program. If Users do not get a satisfactory response from us and have to use Independent Monitor, then the Independent Monitor will have the ability to sanction us under our agreement with them.  These sanctions include the possibility of publicly disclosing our violations, deletion of data from our system, injunctive orders and suspension from participation in the EU-US Privacy Shield and/or Swiss-US Privacy Shield programs.

Xceleration is subject to the investigative and enforcement powers of the Federal Trade Commission (FTC).

This EU and Switzerland Privacy Statement covers the Xceleration Websites.