Your privacy is important to us. We are Xceleration Partners, LLC (“Xceleration” or “we” or “us”). We post this privacy statement (the “Privacy Statement”) so that you are aware of the information we collect, how it is handled and with whom it is shared.
This Privacy Statement relates to the following websites: www.xceleration.com, and www.rewardstation.com (together, the “Xceleration Websites”), and services provided through Xceleration Websites or Xceleration-Powered Websites (collectively the “Xceleration Services”). An “Xceleration-Powered Website” means a website not owned by Xceleration, but which has a license from Xceleration to utilize certain Xceleration technologies. A “User” means any individual who has access through the use of a password to an Xceleration Website or Xceleration-Powered Website, including buyers of Xceleration Services, participants of programs provided through an Xceleration Website or Xceleration-Powered Website, and employees and agents of corporate clients and Suppliers.
Your Use of the Website Implies Your Consent
Your use of Xceleration Websites or Services signifies your acceptance of this Privacy Statement. If you do not agree or are not comfortable with any policy described in this Privacy Statement, your remedies are to discontinue your use of the relevant website or to follow instructions described elsewhere in this Privacy Statement.
Changes in this Privacy Statement
We post customer testimonials on our web sites, which may contain personally identifiable information such as the customer’s name. We obtain the customer’s consent prior to posting such testimonial.
Security of Data
The security of your personal information is important to us. When you enter sensitive information (such as credit card or social security numbers) on our registration or order forms, we encrypt that information using secure socket layer technology (SSL). (To learn more about SSL, go to http://en.wikipedia.org/wiki/Secure_Sockets_Layer). When we store your information in databases or in flat files, we utilize encryption technologies to ensure extremely high levels of data protection.
We follow generally accepted industry standards to protect personal information submitted to us (both during transmission and once we receive it). No method of transmission over the Internet, or method of electronic storage, however, is 100% secure. Therefore, while we use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
Laws and Regulations
This Privacy Statement has been reviewed by legal counsel in conjunction with applicable laws and regulations, and we will use commercially reasonable efforts to monitor and update this Privacy Statement as necessary for legal compliance purposes.
We will retain personal information only as long as necessary to fulfill the purposes set forth in this Privacy Statement, or for a period specifically required by law or regulation and thereafter will be disposed of securely or made anonymous so that it cannot be identified to any individual.
Xceleration’s specific retention policy is set at three years. After three years, all data that is not currently in use as part of an active program will be destroyed.
Privacy Incident and Breach Management
We have implemented a formal, comprehensive privacy incident and breach management program, which specifies the following: (a) Incidents and breaches are reported to a member of our breach team. (b) The Manager responsible for privacy issues and security has the overall accountability and is supported by the privacy and security steering committee(s). (c) We have a privacy breach notification policy in order to deliver notices in a timely and legal fashion. (d) Our program includes a clear escalation path. (e) Our program sets forth a process for contacting law enforcement, regulatory, or other authorities when necessary.
If you feel there has been an incident or breach please contact Xceleration at 1-888-800-4191 or email us at email@example.com (put “Privacy Compliance” in subject line).
Changes Related to Privacy
We have ongoing processes in place to monitor, assess, and address the effect on privacy requirements from various changes, including but not necessarily limited to changes related to legal and regulatory environments, industry standards, contracts with third parties, business operations and processes, people assigned responsibility for privacy and security matters, and technology.
Categories of Who Is Covered in this Privacy Statement
What Is Not Covered in this Privacy Statement
We cover only our data processing practices described in this Privacy Statement. Without limitation, this Privacy Statement does not cover data that we collect offline, on businesses or legal entities or on our employees.
How You Can Contact Us
If you have questions or concerns regarding this Privacy Statement, you should first contact us by email at info@Xceleration.com (put “Privacy Compliance” in subject line). You can also write to us at Attention: Privacy Officer, Xceleration Partners, LLC, 5901-A Peachtree Dunwoody Rd, Suite 200, Atlanta, GA 30328, USA. Xceleration will respond to personal information change requests within 30 days of receiving such requests.
2.1 Suppliers of Services to Corporate Clients
Xceleration provides access to its applications via Xceleration Websites and Xceleration-Powered Websites to suppliers of services to corporate clients (“Suppliers”). These Suppliers include travel and event reservation services, and merchandise fulfillment suppliers. Any such service providers are required by contract to implement privacy and security safeguards consistent with this policy, including the EU-US Privacy Shield and the Swiss-US Privacy Shield.
2.2 Buyers of Services for Corporate Clients
Individuals and companies (“Buyers”) use Xceleration’s technology via Xceleration Websites or Xceleration-Powered Websites on behalf of corporate clients to manage incentive programs, and to purchase services for these programs from Suppliers.
2.2 Participants of Programs Hosted by Corporate Clients
Participants (generally corporate client employees or stakeholders) use Xceleration Services when invited or registered by a corporate client to participate in a program. They do so by viewing an Xceleration-Powered Website that contains questions created by the corporate client. By responding to these questions, the participant gives the corporate client information about the participants’ activities relevant for participating in that specific program.
This section describes how Xceleration uses and disseminates information collected about Public Website Visitors through our Public Website; it does not cover any other data processing activities.
We Won’t Collect Any Information about Public Website Visitors.
4.1 Buyers of Services for Corporate Clients
If you are a User acting as a Buyer of Services, the following terms are applicable to you:
4.1.1 General Information
You may choose to receive special offers and other messages from Xceleration or its partners. You may, however, also choose to cease receiving such messages by updating your profile or sending an e-mail to info@Xceleration.com (put “Privacy Compliance” in subject line) to change information previously provided, remove your information from our database, cancel any future communications or to cancel our service. You can also write to us at Attention: Privacy Officer, Xceleration Partners, LLC, 5901-A Peachtree Dunwoody Rd, Suite 200, Atlanta, GA 30328, USA.
4.2 Participants of Programs Hosted by Corporate Clients
If you are a participant using Xceleration Services to register for a program hosted by a corporate client, the following terms are applicable to you:
4.2.1 General Information
All such personal information is completely accessible to the respective corporate client and its agents. Each Xceleration corporate client has it own privacy statement. By providing your personal information to Xceleration for use by a corporate client or a Supplier (e.g. to make reservations with a particular hotel, or order an award to be shipped to your home address) you consent to Xceleration providing a copy of your personal information to that corporate client or Supplier for collection, processing and any further transfer in accordance with the privacy statement (if any) of that corporate client or Supplier. Xceleration in not responsible for any actions of corporate clients or Suppliers; however, Suppliers are required by contract to implement privacy and security safeguards consistent with this policy, including the EU-US Privacy Shield and the Swiss-US Privacy Shield.
Xceleration corporate clients may use various methods for allowing you to choose to receive or cease receiving messages, depending upon the individual corporate client’s needs and the requirements for each specific program. Corporate clients may include in their registration web site a question about not receiving messages, use an unsubscribe email reply option, or use other means in which removal from the invitee or participant list is an option. Xceleration does not sell or distribute data to any third party (other than to the applicable corporate clients and Suppliers) except as authorized under this policy.
5.1 General Information
This section describes how Xceleration collects, uses, and disclose EU and Swiss Personal Data, which is certain personally identifiable information that Xceleration receives in the United States about individuals resident in the European Union (the “EU”) and Switzerland. It supplements and supersedes any similar provision above, but only with regards to individuals resident in the European Union or Switzerland. Xceleration complies with the EU-US Privacy Shield and Swiss-US Privacy Shield Principles as set forth by the U.S. Department of Commerce (“the Principles”), with respect to the collection, use, and retention of data from the EU and Switzerland.
5.2 Definitions used in this EU and Switzerland Privacy Statement:
“Adequate” or “adequacy” has the meaning ascribed in the EU Directive on Data Processing 95/46/EC.
“Data Controller” means the controller who transfers Personal Data as defined by the EU Directive on Data Processing 95/46/EC
“Personal Data” means data that is (a) transferred to the United States from the EU or Switzerland, (b) is about, or relates to, an identified or identifiable individual, (c) can be linked to that individual, and (d) is recorded. Personal data may include, among other things, an individual’s name, address, phone number, e-mail address, social security or national health insurance or an equivalent number. For further clarity, the term “Personal Data” does not include data that pertains to a specific individual, but from which that individual cannot reasonably be identified. Unless otherwise indicated, references herein to Personal Data include sensitive Personal Data (as defined below).
“Sensitive Personal Data” means data that is a subset of Personal Data that indicates an individual’s medical or health condition, racial or ethnic origin, political opinions, religion, union membership, sexual orientation, or actual or alleged criminal activity.
“Users” has the meaning set out above and, for the matters in this Section, also includes Public Website Visitors.
Xceleration collects Personal Data from and about individuals via Xceleration Websites and Xceleration-Powered Websites for the purposes of [(a) providing Xceleration Services; (b) facilitating communications between you and third parties; (c) our marketing activities; and (d) all credit and other financial checks in relation to any payments made by them for Xceleration Services].
Any complaints or questions should be first sent to us by email at info@Xceleration.com (put “Privacy Compliance” in subject line). Users can also write to us at Attention: Privacy Officer, Xceleration Partners, LLC, 5901-A Peachtree Dunwoody Rd, Suite 200, Atlanta, GA 30328, USA. Xceleration will respond to personal information change requests within 30 days of receiving such requests.
When Xceleration receives Personal Data from the EU or Switzerland merely for processing purposes in the United States and does not control the collection of the Personal Data, Xceleration may not provide notification of this EU and Switzerland Privacy Statement to the Users to which such Personal Data relates. In such event, Xceleration reserves the right to process Personal Data in the course of providing Xceleration Services to Buyers, Suppliers or other of its clients or otherwise for Xceleration’s operation of its business without the knowledge of the Users involved.
Except as provided below, Xceleration gives Users from whom it collects Personal Data the opportunity to choose not to allow Xceleration to disclose his or her Personal Data to a third party or to use it for a purpose incompatible with the purpose for which it was originally collected (the “opt-out” rights). For Sensitive Personal Data, Xceleration requires such User to affirmatively choose to allow for the data is to be disclosed to a third party or used for a purpose other than its original purpose (the “opt-in” choice).
Users desiring to exercise their opt-out rights should first contact us by email at info@Xceleration.com (put “Privacy Compliance” in subject line). Users can also write to us at Attention: Privacy Officer, Xceleration Partners, LLC, 5901-A Peachtree Dunwoody Rd, Suite 200, Atlanta, GA 30328, USA.
When Xceleration receives Personal Data merely for processing purposes in the United States and does not control the collection of the Personal Data, Xceleration may not provide such choices to the Users to whom such Personal Data relates.
5.5 Accountability for Onward Transfer to Third Parties
Xceleration may disclose Personal Data to a third party if (a) Xceleration has received the applicable User’s permission to make the disclosure, (b) the disclosure is required in response to a lawful request by public authorities, including to meet national security or law enforcement requirements, (c) allowed by a law that creates conflicting obligations for Xceleration or that explicitly authorizes disclosure (except that we will limit such disclosure to the extent necessary), or (d) the Principals allow for other exceptions provided that it is applied to other Users equally.
In cases of onward transfer to third parties of data of EU and Swiss individuals received pursuant to the EU-US and Swiss-US Privacy Shield Frameworks, Xceleration is potentially liable.
Xceleration takes security measures designed to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These measures include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures designed to guard against unauthorized access to systems where we store Personal Data.
Xceleration restricts access to Personal Data internally to Xceleration agents and partners who need to know that information in order to operate, develop or improve our services. These parties are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
5.7 Data Integrity and Purpose Limitation
Xceleration takes reasonable steps to ensure that Personal Data is reliable, accurate, complete, current and relevant for the purposes for which it was collected.
Xceleration acknowledges that EU and Swiss individuals have the right to access the personal data that we maintain about them. Consistent with any applicable client commitments, Xceleration will permit Users upon their request to access their Personal Data and correct any erroneous information. The User may need to provide sufficient identifying information, such as name, address, birth date, and social security or national health insurance or an equivalent number. Such access may be denied or limited by Xceleration if providing such access is unreasonably burdensome, expensive under the circumstances, or if in giving such access would violate another person’s rights. In some circumstances, Xceleration may charge a reasonable fee for access to Personal Data. Users can contact the Xceleration customer services team at firstname.lastname@example.org to request access to change or delete personal information.
5.9 Recourse, Enforcement, and Liability
Xceleration will conduct an annual self-assessment to ensure that this Statement is published and disseminated within Xceleration and on its website and that it conforms to the Principles. In addition, Xceleration has deployed internal processes to monitor Xceleration’s compliance with the Principles and to address all questions or complaints. Xceleration will also self-certify annually with the U.S. Department of Commerce as being in compliance with the Principles. [Xceleration participates in The Council of Better Business Bureau’s (the “Independent Monitor”) EU and Switzerland Privacy Dispute Resolution Procedures.]
5.9.1 Unresolved Privacy Complaints
Xceleration has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if Xceleration does not satisfactorily address your complaint, please visit the BBB EU PRIVACY SHIELD web site at http://www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
Under certain limited conditions, individuals may invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission.
If your complaint is not satisfactorily addressed, and your inquiry or complaint involves human resource data transferred from the EU in the context of the employment relationship, you may have your complaint considered by an independent recourse mechanism: for EU/EEA Data Subjects, a panel established by the EU data protection authorities (“DPA Panel”), and for Swiss Data Subjects, the Swiss Federal Data Protection and Information Commissioner (“FDPIC”). To do so, you should contact the state or national data protection or labor authority in the jurisdiction where you work. Xceleration agrees to cooperate with the relevant national DPAs and to comply with the decisions of the DPA Panel and the FDPIC.
What If You Do Not Get A Satisfactory Response?
We will try our best to see that you will always get a satisfactory response from us. As part of this effort, we also offer recourse to contact the Independent Monitor, an independent, nonprofit organization dedicated to enabling individuals and organizations to establish trusting relationships based on respect for personal identity and information in the evolving networked world. Xceleration is a licensee of the Independent Monitor Privacy Program. If Users do not get a satisfactory response from us and have to use Independent Monitor, then the Independent Monitor will have the ability to sanction us under our agreement with them. These sanctions include the possibility of publicly disclosing our violations, deletion of data from our system, injunctive orders and suspension from participation in the EU-US Privacy Shield and/or Swiss-US Privacy Shield programs.
Xceleration is subject to the investigative and enforcement powers of the Federal Trade Commission (FTC).
This EU and Switzerland Privacy Statement covers the Xceleration Websites.