Xigo Privacy Shield Policy

Effective as of January 29, 2017

Xigo LLC. ("Xigo"), a Dimension Data company, complies with the EU U.S. Privacy Shield Framework set forth by the United States Department of Commerce with respect to the collection, use and retention of Personal Data transferred from the European Economic Area ("EEA") to the United States as further described in the Scope section below. This Privacy Shield Policy outlines our commitment to the Privacy Shield Principles (the "Principles") and our practices for implementing the Principles. Xigo's Privacy Shield (pending) certification can be found here. To learn more about the Privacy Shield Framework, please visit the Department of Commerce's dedicated Privacy Shield website, located here.

Scope

Xigo commits to comply with the Principles with respect to the Personal Data the company receives from its Customers or their Users in the EEA in connection with the use of Xigo's hosted and mobile software applications (the "Subscription Service") and related support services ("Support Services"), as well as professional services "Professional Services" that we provide to Customers. In this Privacy Shield Policy, the Subscription Service, Support Services and the Professional Services are collectively referred to as the "Service."

Definitions

For the purposes of this Privacy Policy:

"Customer" means any entity that purchases the Service.

"Customer Data" means the electronic data uploaded into the Subscription Service by or for a Customer or its Users.

"Data Controller" means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

"Data Processor" means any natural or legal person, public authority, agency or other body that processes Personal Data on behalf of a Controller.

"Device" means a mobile device.

"Personal Data" means any information, excluding Sensitive Data, that is (i) about an identified or identifiable individual and (ii) received by Xigo in the U.S. from the EEA in connection with the Service.

"Sensitive Data" means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.

"User" means an individual authorized by Customer to access and use the Subscription Service.

Types of Personal Data Collected

Xigo hosts and processes Customer Data, including any Personal Data contained therein, at the direction of and pursuant to the instructions of Xigo's Customers. Xigo also collects several types of information from our Customers, including:

In addition, Xigo collects general information about its Customers, including a Customer's company name and address, and the Customer representative's contact information ("General Information") for billing and contracting purposes.

Purposes of Collection and Use

Xigo may use Personal Data submitted by our Customers and Users as necessary to provide the Subscription Service, including updating, enhancing, securing and maintaining the Subscription Service and to carry out Xigo's contractual obligations to its Customers. Xigo also obtains General Information in connection with providing the Service and maintaining Xigo's relationships with its Customers.

Third Party Disclosures

We may disclose Personal Data that our Customers and Users provide to our Subscription Service:

Access

Individuals in the EEA generally have the right to access their Personal Data. As an agent processing Personal Data on behalf of its Customers, Xigo does not own or control the Personal Data that it processes on behalf of its Customers or their Users and does not have a direct relationship with the Users whose Personal Data may be processed in connection with providing the Service. Since each Customer is in control of what information, including any Personal Data, it collects from its Users, how that information is used and disclosed, and how that information can be changed, Users of the Subscription Service should contact the applicable Customer administrator with any inquiries about how to access or correct Personal Data contained in Customer Data. To the extent a User makes an access or correction request to Xigo, we will refer the request to the appropriate Xigo Customer and will support such Customer as needed in responding to any request.

To access or correct any General Information Customer has provided, the Customer should contact their Xigo account representative directly or by using the contact information indicated below.

Choice

In accordance with the Principles, Xigo will offer Customers and Users choice to the extent it (i) discloses their Personal Data to third party Controllers, or (ii) uses their Personal Data for a purpose that is materially different from the purposes for which the Personal Data was originally collected or subsequently authorized by the Customer or User. To the extent required by the Principles, Xigo also will obtain opt‑in consent if it engages in certain uses or disclosures of Sensitive Data. Unless Xigo offers Customers and Users an appropriate choice, Xigo uses Personal Data only for purposes that are materially the same as those indicated in this Policy.

Xigo may disclose Personal Data of Customers and Users without offering an opportunity to opt out, and may be required to disclose the Personal Data, (i) to third‑party Processors that Xigo has retained to perform services on its behalf and pursuant to its instructions, (ii) if it is required to do so by law or legal process, or (iii) in response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements. Xigo also reserves the right to transfer Personal Data in the event of an audit or if the company sells or transfers all or a portion of its business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution or liquidation).

Liability for Onward Transfers

Xigo complies with the Privacy Shield's Principle regarding accountability for onward transfers. Xigo remains liable under the Principles if its onward transfer recipients process Personal Data in a manner inconsistent with the Principles, unless Xigo proves that it was not responsible for the event giving rise to the damage.

Dispute Resolution

If Xigo maintains your Personal Data in one of the Services within the scope of our Privacy Shield certification, you may direct any inquiries or complaints concerning our Privacy Shield compliance to US.CLM.Security@us.didata.com, or in the U.S. or EEA by regular mail as indicated below. Xigo shall respond within 45 days. If your complaint cannot be resolved through Xigo's internal processes, Xigo will cooperate with EU Data Protection Authorities and the U.S. Federal Trade Commission, which has Privacy Shield investigatory and enforcement powers over Xigo. Under certain circumstances, Customers and Users may be able to invoke binding arbitration to address complaints about Xigo's compliance with the Principles.

How to Contact Xigo:

To ask questions or comment about this Privacy Shield Policy and our privacy practices or if you need to update, change or remove your information, contact us at: US.CLM.Security@us.didata.com or by regular mail addressed to:

Xigo LLC
Attn: Security and Data Privacy
5870 Trinity Parkway #250
Centreville, VA 20120