EFFECTIVE DATE: June 1, 2020
MetaCX has implemented processes intended to protect user information and maintain security of data that we process. Each account holder is assigned a unique username and password, which is required to access their account. It is your responsibility to protect the security of this login information. When you enter sensitive information (such as your login information) on our site, we encrypt all system or customer data in transit and at rest.
Multi-factor authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism.
MFA is intended to add an additional layer of security to protect your account from unauthorized access. Users are required to use the multi-factor authentication self-enrollment process when authenticating to MetaCX services.
We respect the privacy of all users, and consider all data that is collected to be private. MetaCX may access this data only for the purpose of providing the MetaCX Services, preventing or addressing service or technical problems, at a Customer’s request in connection with customer support matters, or as may be required by law. MetaCX will not distribute or sell your information to a 3rd party, except as disclosed in this policy. When you utilize the MetaCX Service globally, data is submitted and transferred into the United States and you hereby consent to such transfer.
MetaCX collects information under the direction of its clients, and has no direct relationship with the individuals whose personal data it processes. We collect information for our clients, if you are a customer of one of our clients and would no longer like to be contacted by one of our clients that use our service, please contact the client that you interact with directly.
MetaCX collects 3rd party information when a customer connects an integration to our platform. This information is retained, even if the integration is disconnected. If the client requests MetaCX to remove the data, we will respond to their request within 30 business days.
MetaCX may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the provisions in this policy regarding notice and choice and the service agreements with our clients.
MetaCX has no direct relationship with the individuals whose personal data it processed. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to MetaCX’s client, the data controller. If the client requests MetaCX to remove the data, we will respond to their request within 30 business days.
Information we collect is not distributed or sold to a 3rd party. It will only be used to communicate with you about your MetaCX account, and where needed as part of certain MetaCX features. You may update, change or delete your account information at any time by accessing your information on your account or contact us at email@example.com or by contacting us by postal mail at the contact information listed below. We will respond to your request to access personal information within 30 days.
We will retain your information and personal information we process on behalf of our clients for as long as your account is active or as needed to provide services to our client. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
WEB SERVER LOGS
MetaCX will gather certain information automatically and store it in log files. These log files contain standard information collected by web servers, such as client IP addresses, browser type, internet service provider (ISP), operating system, etc. This information is only used internally, and is not distributed or sold to a 3rd party. MetaCX uses this information, which does not identify individual users, to analyze trends, to administer the MetaCX website and to gather demographic information about its user base as a whole. MetaCX does not link this automatically collected data to personal information.
You can choose to connect your MetaCX account with third-party services––for example, via CXreactor connections. By doing so, you’re enabling MetaCX and those third parties to exchange information about you and your account.
YOUR PRIVACY RIGHTS AND CHOICES
Privacy Rights for Individuals in the European Economic Area (“E.E.A.”)
Under the European Union’s General Data Protection Regulation (GDPR), individuals in the E.E.A. have additional privacy rights:
- Right to be Informed. Individuals have the right to transparency regarding MetaCX’s collection of personal information.
- Right of Access. Individuals have the right to know exactly what information is held about them and how it is processed.
- Right of Rectification. Individuals will be entitled to have personal data rectified if it is inaccurate or incomplete.
- Right to Erasure. Also known as ‘the right to be forgotten’, this refers to an individual’s right to having their personal data deleted or removed without the need for a specific reason as to why they wish to discontinue.
- Right to Restrict Processing. An individual’s right to block or suppress processing of their personal data.
- Right to Data Portability. This allows individuals to retain and reuse their personal data for their own purpose.
- Right to Object. In certain circumstances, individuals are entitled to object to their personal data being used.
- Rights of Automated Decision Making and Profiling. The GDPR has put in place safeguards to protect individuals against the risk that a potentially damaging decision is made without human intervention
If you wish to exercise your rights under the GDPR, please contact MetaCX at firstname.lastname@example.org. You can also contact the appropriate National Data Protection Authority by visiting the following website: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
Your California Privacy Rights
MetaCX does not sell personal information. MetaCX may share personal information with third parties or allow them to collect personal information from MetaCX products if those third parties are authorized service providers or business partners who have agreed to contractual limitations as to their retention, use, and disclosure of personal information. As a data processor for customers, MetaCX may collect and disclose the following categories of personal information for business purposes: identifiers; commercial information; Internet activity information; financial information; professional and employment-related information; education information; and inferences drawn from any of the above information categories. MetaCX may collect and disclose this information to provide the MetaCX products and services to its customers.
If you are a California resident, you may exercise certain rights associated with your personal information, like the right to access or delete your personal information. If you are a California resident and would like to make such a request, please contact email@example.com. MetaCX may request information from you to verify any request before processing. MetaCX will not discriminate against consumers that exercise these rights. Further, an authorized agent may exercise these rights for you without penalty.
COMPLIANCE WITH CHILDREN’S ONLINE PRIVACY PROTECTION ACT
The MetaCX website and MetaCX services are not intended for children under the age of 18 nor do we knowingly collect personal information from children under 18. As a business service, MetaCX does not target its offering toward, and does not knowingly collect any personal information from, users under thirteen (13) years of age.
MetaCX employs an event-based immutable event architecture. That means that events sent to MetaCX via the events or analytics APIs are retained indefinitely or until the customer requests that their account be deleted. If you would like to request the cancellation or deactivation of your account, please contact firstname.lastname@example.org.
A browser cookie is a small piece of data that is stored on your device to help websites and mobile apps remember things about you. They are widely used to “remember” your preferences, through a single session or across multiple repeated visits to a site or service. Other technologies, including Web storage and identifiers associated with your device, may be used for similar purposes. In this policy, we say “cookies” to refer to all of these technologies.
Your browser may provide you with the option to refuse some or all browser cookies. You may also be able to remove cookies from your browser. Blocking or removing cookies may degrade your experience, and may prevent the application from functioning.
55 Monument Circle, Suite 1400
Indianapolis, IN 46204