XMedius Solutions Inc. and its affiliates (collectively “XMedius“) respect the privacy of your personal information and is committed to protecting it and using it solely for the purpose for which it was collected.
- SCOPE AND APPLICATION
- WHY WE COLLECT INFORMATION
- WHAT INFORMATION WE COLLECT AND HOW IS IT STORED
- HOW IS THE INFORMATION COMMUNICATED
- HYPERLINKS AND THIRD PARTIES
- GENERAL INFORMATION AND HOW TO EXERCISE YOUR RIGHTS
The term “personal information” means information that specifically identifies any individual, such as name, date of birth and email address, and any other information that is required by applicable law to be treated as “personal information”.
The Interface offers on-premises and/or cloud services relating, among other things, to the transmission of faxes and secure file sharing (the “XMedius Cloud Services”).
The information is collected and used notably for the following purposes:
- to render the Services properly, including for managing XMedius Cloud accounts;
- to address any problems which are brought to our attention, including for the purpose of troubleshooting, supporting, optimizing and investigating security events on XMedius Cloud Services or restoring data loss;
- to evaluate, optimize and improve the Services;
- to contact you about the Services;
- to track Service’s usage and invoice the Services.
Hosted in collocation datacenters operated in the USA, France and Canada:
- Documents and information related to the fax transmissions (including contact phonebooks (name, email addresses, addresses, phone numbers, and gender), documents and metadata), cookies and security tokens;
- System logs data, which may include IP addresses, MAC addresses, device IDs, unique IDs, network traces, fax metadata, phone numbers, usernames and computer names.
Hosted in public cloud infrastructure operated by third party PaaS, IaaS Cloud provider in the USA, Ireland and Canada:
- Account management data, including account information, account settings, service usages (including CDRs, invoices and consumption history), user directory (including names, emails, addresses, phone numbers, usernames and password hashes), fax number requests, cookies and security tokens;
- SendSecure application data, including files, messages, participants information (including names, emails and phone numbers), SendSecure settings, encryption keys, audit trails (including names, emails addresses, filenames and IP addresses), other metadata, cookies and security tokens;
- System logs data, that may include IP addresses, MAC addresses, device ID, unique IDs, network trace, phone number, username and computer name;
Data pertaining to fax application, account management and SendSecure application will be retained for a period of 90 days after the account termination, after which it will be deleted. System logs data and backup data may be retained for up to 1 year and may be accessed by the cloud infrastructure team.
Hosted application (SaaS) by third parties in the USA:
Support ticketing data, including customer information (name, contact information, email) support ticket messages and support files. Support ticketing data 90 days after the account termination.
- Billing data, including billing information (name, phone, email, address, etc.), invoices, service usages and, credit card information. Billing data (excluding credit card information) may be kept for up to 7 years after the account termination.
For its fax service, XMedius make use of Telecommunication service providers (Telco) to send and receive fax calls. As such, fax transmission will be transported through those Telco networks and other required Telco peers to complete fax delivery on the PSTN.
Customers may optionally configure XMedius Cloud Services to integrate with third party services such Google cloud print, Xerox Mobile Print, HP E-print services, ReCaptcha, etc. Concerning the data privacy when using those services, customers must refer their applicable privacy policies.
SendSecure make use of SMS and voice service providers to send two factor authentication codes, while no personal data is transmitted in those messages, the recipient phone number is used as a delivery address.
We never disclose your personal information to anyone outside of XMedius without your consent, except for the following and only if such third party has in place appropriate safeguards that ensure at least the same level of security than ours:
- our providers whose services have been retained to carry out duties on our behalf (e.g. data processing). XMedius takes the necessary means to ensure that these third-party providers process your information for the sole purpose identified by XMedius;
- any entity resulting from a merger, a corporation reorganization or change in control of XMedius, in whole or in part;
- any public authority if the law so requires, to defend our rights, or otherwise in compliance with the law. In the event where XMedius is required to divulge information or to provide a copy of such information to a governmental authority under law or pursuant to a court order, XMedius will attempt to notify you beforehand, to the extent, however, that it is legally authorized to do so.
At the exclusion of the metadata, and in such case, for the purposes so designated in section 3 above, we do not monitor the content of correspondence conducted through our Services. Although sent documents are kept on our servers to make them available to you and to the recipient of such documents, we do not access, or give access to, the content of the documents unless we have a reason to believe that there is an infringement of our Terms and Conditions, or only in compliance with such Terms and Conditions. We do not make the content of the documents available to any third party other than the recipient, unless we are required to do so by law.
All data is stored on servers with high-security safeguards, protected against misuse and access by unauthorized individuals. We endeavor to maintain appropriate physical, procedural and technical security with respect to our offices and information storage facilities. Any information is only made available to individuals (employees or agents) who require access to such information to carry out their responsibilities.
For the data stored in our regional nodes operated from Europe, USA and Canada, XMedius will not initiate a customer data transfer outside the designated zone without the explicit consent of the customer. Although, for the purpose of provisioning, billing, supporting, troubleshooting, the relevant personnel located in Canada and Europe may remotely consult and/or transfer information located in USA, Europe and Canada.
While XMedius takes reasonable means to protect your privacy, please be aware that no method of transmitting information over the Internet or storing information is completely secure and thus XMedius cannot guarantee the absolute security of that information during the transmission or storage on its systems or of its subcontractors. XMedius cannot warrant or represent that your information will be protected against, loss, misuse, or alteration by third parties.
You have the following rights with respect to the personal information XMedius collects: (i) right to know and access your personal information collected by XMedius and obtain communications with regard to purposes for which your personal information is processed, (ii) right to update or rectify your personal, (iii) right to erasure of your personal information, (iv) right to object to processing of your personal information by XMedius, (v) right to portability of your personal information.
Address : 3400, de Maisonneuve Boul. W., Suite 1135, Montreal, QC Canada H3Z 3B8
We will do our best to treat your request promptly. Please note that we may sometimes deny your request under relevant laws.
The most up to date version of this policy can be found at: www.xmedius.com/en/privacy-policy/
Last update: 2018-05-22