Xappex Privacy Policy

We are very pleased about your interest in Xappex, a trading name of Taralex LLC, registered at 6776 Candlewood Trl, West Bloomfield, MI 48322, USA (hereinafter referred to as “Xappex”) and our services.  

Data protection is of a particularly high priority for the management of Xappex. The use of the Xappex website is possible without any indication of Personally Identifiable Information (PII). However, if a data subject wants to use our services, processing of PII could become necessary. If processing of PII is necessary and there is no legal basis for such processing, we will generally obtain the consent of the data subject. 

The processing of PII shall always be in line with best practices and data protection law applicable to Xappex. By means of this privacy policy, we would like to inform the public about the nature, scope and purpose of the PII we collect, use and process. Furthermore, data subjects are informed of their rights by means of this privacy policy. 

Xappex has implemented numerous technical and organizational measures to ensure the most complete protection of PII processed. Nevertheless, Internet-based data transmissions can always be subject to security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit PII to us by alternative means, for example by telephone. 

Our principles 

Xappex processes PII in order to better understand the needs of its customers and thus to be able to improve its services. PII will only be used in the specific context of your customer relationship with Xappex to the extent permitted by law or on the basis of your prior express consent.  

In particular, we are committed to the following key principles: 

  • We protect your privacy and aim to provide you with a service that is tailored to your needs. 
  • PII is collected for specific purposes based on your consent or a legitimate interest when you contact us. 
  • You have the right to information and access to your PII at any time and may request its correction or deletion. 
  • We do not sell your PII to third parties. However, if necessary and if explicitly mentioned afterwards or if you have consented, we may share your data with group companies, brand licensees, partners and other service providers. In this case, their own privacy policies may also apply. 
  • We take all reasonable measures to ensure the security and protection of your data from misuse. 
  • PII are processed by us only as necessary and for the purpose of providing a functional and user-friendly website and services, including its contents and the services offered. 

How we use information 

The main reason we use your information is to provide and improve our services. We also use your information to protect you and to provide you with advertisements that may be of interest to you. Read on for a more detailed explanation of the various reasons we use your information, along with practical examples. 

  • To provide our services to you, 
  • To provide you with customer support and respond to your inquiries, 
  • To complete your transactions, 
  • To communicate with you about our services, 
  • To improve our services and develop new services, 
  • To conduct research and analysis of user behavior to improve our services and content (e.g., we may decide to change the look and feel or even substantially modify a particular feature based on user behavior), 
  • To develop new features and services, 
  • To prevent, detect and respond to fraud or other illegal or unauthorized activities, 
  • To address ongoing or perceived misconduct, 
  • To perform data analysis to better understand these activities and develop countermeasures, 
  • To retain data related to fraudulent activity to prevent recurrence, 
  • To ensure compliance with laws, 
  • To comply with legal requirements, 
  • To assist law enforcement, and 
  • To enforce or exercise our rights, for example, our terms of use. 

Cookies 

www.xappex.com uses cookies. Cookies are text files that are stored on a computer system via an Internet browser. 

Numerous Internet pages and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified via the unique cookie ID. For more general information on cookies please visit www.allaboutcookies.org and for specific details on the cookies we use please read our Cookie Policy.  

Collection of general data and information 

www.xappex.com collects a series of general data and information each time a data subject or automated system calls up the website. This general data and information is stored in the server log files. The following data may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of an access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems. 

When using these general data and information, Xappex does not draw any conclusions about the data subject. Rather, this information is needed (1) to deliver the contents of our website correctly, (2) to optimize the contents of our website and the advertising for these, (3) to ensure the long-term functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack. Therefore, Xappex analyzes anonymously collected data and information with the aim of increasing the data protection and data security of our enterprise so that we can ultimately ensure an optimal level of protection for the PII we process. The anonymous data of the server log files are stored separately from any PII provided by a data subject. 

Contact possibility via the website 

www.xappex.com contains information that enables a quick electronic contact, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller, the PII transmitted by the data subject will be stored automatically. Such PII transmitted on a voluntary basis by a data subject to the controller will be stored for the purposes of processing or contacting the data subject. There is no disclosure of this PII to third parties. 

Routine erasure and blocking of PII 

The controller processes and stores PII of the data subject only for the period of time necessary to achieve the purpose of storage or insofar as this has been provided for in laws or regulations to which the controller is subject. 

If the storage purpose ceases to apply or if a storage period prescribed expires, the PII will be routinely blocked or deleted in accordance with the statutory provisions.  

Processing of PII when using the offered services 

PII will be collected, processed or used (“used”) in connection with the services offered. This is always done in compliance with applicable law. Insofar as we use your PII for a purpose that requires your consent according to the legal provisions, we will always ask for your express consent.  

Direct marketing 

The legal basis for the processing of your PII in the context of direct marketing measures is either your consent or our legitimate interest in marketing and promoting our courses and services. The purpose of processing your PII in the context of direct marketing measures is to send information, offers and, if applicable, to promote sales. 

Your PII will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected; this is the case in particular upon receipt of the revocation or objection. You can revoke your consent at any time for the future or object to the processing of your PII in the context of direct marketing measures at any time for the future.  

Commercial and business services 

We process information of our contractual and business partners, e.g., customers and interested parties in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractual), e.g., to answer inquiries. 

We process this information to fulfil our contractual obligations, to secure our rights and for the purposes of the administrative tasks associated with this information as well as for business organization. We only disclose the information of the contractual partners to third parties within the scope of the applicable law to the extent that this is necessary for the aforementioned purposes or for the fulfilment of legal obligations or with the consent of the contractual partners (e.g., to participating telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisers, payment service providers or tax authorities). 

Unless otherwise specified, the purposes of processing are contractual performance and service, contact requests and communication, office and organizational procedures, administration, and response to requests, visit action evaluation, interest-based and behavioral marketing. The legal bases are contractual performance and pre-contractual inquiries, legal obligation, and our legitimate interests.

Administration, financial accounting, office organization, contact management 

We process data in the context of administrative tasks as well as organization of our operations, financial accounting and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the data mentioned in these processing activities. 

In this context, we disclose or transfer data to the tax authorities, consultants, such as tax advisors or auditors, as well as other fee offices and payment service providers. 

Furthermore, based on our business interests, we store information on suppliers, and other business partners, e.g., for the purpose of contacting them at a later date. This data, most of which is company-related, is generally stored permanently. 

Information processing for the purpose of fraud prevention and optimization of our payment processes 

Where applicable, we provide our service providers with further information, which they use together with the information necessary for the processing of the payment as our processors for the purpose of fraud prevention and optimization of our payment processes (e.g., invoicing, processing of contested payments, accounting support). This serves to protect our legitimate interests in our protection against fraud or in efficient payment management, which outweigh our interests in the context of a balancing of interests. 

Technical services 

We process the data of our customers and clients in order to enable them to select, purchase or commission the selected services or works as well as associated activities and to pay for and deliver them or to execute or provide them. The required information is identified as such in the context of the order, purchase order or comparable contract conclusion and includes the information required for the provision of services and billing as well as contact information.  

Unless otherwise specified, the purposes of processing are contractual performance and service, contact requests and communication, office and organizational procedures, administration, and response to requests, visit action evaluation, interest-based and behavioral marketing. The legal bases are contractual performance and pre-contractual inquiries, legal obligation, and our legitimate interests.

Data transfer to payment service providers 

In order to fulfill the contract, we pass on your data to the company commissioned with the payment, insofar as this is necessary for the payment of our services. Depending on which payment method you select, we pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the selected payment service provider. In some cases, the selected payment service providers also collect this data themselves. In this case, the privacy policy of the respective payment service provider applies. The legal basis for the data processing is contract.  

Duration for which the PII are stored

The criterion for the duration of the storage of PII is the respective statutory retention period. After expiry of the period, the corresponding data will be routinely deleted, provided that they are no longer required for the performance of the contract or the initiation of the contract.

Legal or contractual provisions for the provision of PII; necessity for the conclusion of the contract; obligation of the data subject to provide the PII; possible consequences of non-provision

We inform you that the provision of PII is sometimes required by law (e.g., tax regulations) or may also result from contractual regulations (e.g., information on the contractual partner). Sometimes, in order to conclude a contract, it may be necessary for a data subject to provide us with PII that must subsequently be processed by us. For example, the data subject is obliged to provide us with PII if our company concludes a contract with him or her. Failure to provide the PII would mean that the contract with the data subject could not be concluded. Before providing PII by the data subject, the data subject must contact one of our employees. Our employee will explain to the data subject on a case-by-case basis whether the provision of the PII is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the PII, and what the consequences of not providing the PII would be.  

Accountability 

In certain countries, including in the European Union, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how we process information. The data protection authority you can lodge a complaint with notably may be that of your habitual residence, where you work or where we are established. For further information on how we comply with the GDPR please refer to our GDPR Compliance Statement and our Data Processing Agreement.  

Commercial Partners 

Commercial Partners are individuals or companies that have been approved by us as recipients of organizational PII and from which Xappex has received confirmation that their data protection practices conform with the requirements of this policy. Commercial Partners include all external providers of services to Xappex and include proposed Commercial Partners. No PII can be transmitted to any vendor by any method unless the vendor has been pre-certified for the receipt of such information.

PII Training 

All new hires entering Xappex who may have access to PII are provided with introductory training regarding the provisions of this policy, a copy of this policy and implementing procedures for the department to which they are assigned. Employees in positions with regular ongoing access to PII or those transferred into such positions are provided with training reinforcing this policy and procedures for the maintenance of PII data and shall receive annual training regarding the security and protection of PII data and company proprietary data.

PII Audit(s) 

Xappex conducts audits of PII information maintained by Xappex in conjunction with fiscal year closing activities to ensure that this policy remains strictly enforced and to ascertain the necessity for the continued retention of PII information. Where the need no longer exists, PII information will be destroyed in accordance with protocols for destruction of such records and logs maintained for the dates of destruction. 

Data Breaches/Notification 

Databases or data sets that include PII may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, Xappex will notify all affected individuals whose PII data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after the breach was discovered.  

Fair Information Practices 

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information. 

We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors. 

Confirmation of Confidentiality 

All company employees must maintain the confidentiality of PII as well as company proprietary data to which they may have access and understand that such PII is to be restricted to only those with a business need to know. Employees with ongoing access to such data will sign acknowledgment reminders annually attesting to their understanding of this company requirement.  

Violations of PII Policies and Procedures 

Xappex views the protection of PII data to be of the utmost importance. Infractions of this policy or its procedures will result in disciplinary actions under Xappex’s discipline policy and may include suspension or termination in the case of severe or repeat violations. PII violations and disciplinary actions are incorporated in Xappex’s PII onboarding and refresher training to reinforce Xappex’s continuing commitment to ensuring that this data is protected by the highest standards. 

Products and Services 

Xappex’s products and services are designed with specific features to help our customers comply with applicable data protection regulations. Xappex uses a relational database that employs a secured username and password login process. This means users must have specific access rights, such as to edit or add data, or are denied access to certain data.   

Do we have access to your data from our software? 

No. The connection to your Salesforce.com data is secured and is only established between the corresponding software (XL-Connector, G-Connector, Enabler4Excel365, Salesforce Connector for Google Data Studio) and Salesforce.com. We do not have access to your data either in transit or at rest. Your OAuth2 Security Token is stored in your user settings and can only be accessed by you.

Customer Support 

Xappex’s product support staff assists customers in using Xappex’s products in a compliant environment. All remote access by Xappex product support staff to PII at the customer site is via a fully encrypted protocol. 

Network Protection 

Xappex servers and supporting systems are protected from hackers and network intrusion by firewalls and other leading security measures.  

Controlled Employee Access 

Certain Xappex staff and system administrators may need to access the Xappex system to provide operational / administrative support. Access rights are strictly controlled, and access is granted only to those who need it to support the Xappex system and its users. All Xappex employees and subcontractors are required to sign confidentiality agreements. Access to the system is granted only after validation of the user’s identification data, assigned role and system permissions. 

User Passwords 

Users must enter their username and password to gain access to the Xappex system. These credentials are created by users during registration. To reset a password, the information is sent to the user’s email on file. If two-factor authentication is enabled, a unique passcode is sent after the account password is entered. Administrators do not have access to user passwords, and passwords can only be reset by following a link sent via email upon user request. 

Encryption 

Encryption provides users with a secure way to exchange information with websites through their web browsers by “scrambling” the information as it is transmitted. This makes it unusable for anyone who does not have a protected decryption key to “decrypt” the information. Xappex provides encryption for user interactions through Secure Sockets Layer (SSL) technology with a robust 256-bit encryption key. Xappex also uses industry-proven encryption standards (TLS) when PII is transmitted into or out of Xappex. 

Physical Security  

The Xappex server and supporting systems are physically secured and protected in world-class data centers. Access to the physical systems is carefully controlled through security measures at multiple levels of authentication requirements (e.g., user keys, biometrics), security guard and registration check-in requirements, and state-of-the-art security monitoring and alert systems. 

Access tracking and disclosure 

In accordance with commonly applied standards, Xappex logs relevant details each time health information is viewed, edited, or exported to ensure system integrity.  

How does our site handle Do Not Track signals? 

We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place. 

Does our site allow third-party behavioral tracking? 

It’s also important to note that we do not allow third-party behavioral tracking. 

COPPA (Children’s Online Privacy Protection Act) 

When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under the age of 13 years old. 

CAN-SPAM Act 

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. To be in accordance with CAN-SPAM, we agree to the following: If at any time you would like to unsubscribe from receiving future emails, you can email us and we will promptly remove you from ALL correspondence.

Social plugins 

We use so-called social plugins of various social networks in our online offer. When using the plugins, your internet browser establishes a direct connection to the servers of the respective social network. This provides the respective provider with the information that your internet browser has accessed the corresponding page of our online offer, even if you do not have a user account with the provider or are not currently logged in to it. Log files (including the IP address) are transmitted by your Internet browser directly to a server of the respective provider and may be stored there.   

The plugins represent independent extensions of the social network providers. We therefore have no influence on the scope of the data collected and stored by the providers of the social networks via the plugins. 

For the purpose and scope of the collection, further processing and use of the data by the social network, as well as your rights in this regard and setting options for protecting your privacy, please refer to the privacy policy of the respective social network.  

If you do not want the providers of the social networks to receive and possibly store or further use data about this online offer, you should not use the respective plugins. 

Your Rights 

In the absence of a unified data protection law in the USA and our home state of Michigan, we have set out, following current best practices and gold standards, to afford you the following rights:

Right to Know and Access. You may submit a verifiable request for information regarding the: (1) categories of Personal Information we collect, use, or share; (2) purposes for which categories of Personal Information are collected or used by us; (3) categories of sources from which we collect Personal Information; and (4) specific pieces of Personal Information we have collected about you.  

Right to Equal Service. We will not discriminate against you if you exercise your privacy rights. 

Right to Delete. You may submit a verifiable request to close your account and we will delete Personal Information about you that we have collected. 

If you would like to exercise any of these rights, please contact us. We do not sell the Personal Information of our users. For more information about these rights, please contact us.  

Am I Obliged to Provide Data? 

The processing of your data is necessary for the conclusion or fulfillment of the contract you have entered into with us. If you do not provide us with this data, we will usually have to refuse to conclude the contract or will no longer be able to perform an existing contract and consequently have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant for the fulfillment of the contract or that is not required by law. 

Can we make changes to this privacy policy? 

We reserve the right to update and amend all or parts of this privacy policy, at any time, to the fullest extent permitted under applicable law. The version published on the Site is the version actually in force.  

As an individual whose PII is processed as described in this privacy policy, you have a number of rights which are summarized above. Please note that exercising these rights is subject to certain requirements and conditions as set forth in applicable law. 

Questions about data protection 

If you have any questions about data protection by us, or if you wish to contact us about a matter concerning your PII, we will be happy to assist you. You can reach us using the following contact details: phone: 248-986-7533 or email: support@xappex.com. As a rule, we will reply to you by the technical means you have chosen for your enquiry.

Last updated: February 4, 2022