For the convenience of Exostar subscribers and visitors to the Exostar site, we may provide translations of the following in languages other than English at a later time. In such case, we will use reasonable efforts to provide accurate translations; however, Exostar does not guarantee the accuracy of any translation from the English and under no circumstance should any translation be relied upon without independent verification. Only the English language version is binding.
Issued May 1, 2016; updated May 3, 2018
This Policy does not apply to, and Exostar is not responsible for: (i) the practices of any other companies or individuals, or (ii) any third-party websites, platforms, devices, applications or services that you access via links from Exostar’s website or web applications (“Third Party Services”). We encourage you to review the privacy policies of any Third Party Services that you access.
1. COLLECTION AND USE OF INFORMATION
We collect and use Personal Information in various ways across Exostar’s suite of supply chain management, secure collaboration, and risk and identity management services.
A. Registration Information.
We collect information when users register on Exostar Sites, including name, telephone numbers, email addresses, business address, and other attributes for particular applications (e.g. user role for application, start date of application trial, etc.) (“Registration Information”). We may collect Registration Information directly from a user, or from the user’s company.
B. User Information.
Users communicate, collaborate and exchange information with Exostar and other users (“User Information”). User Information includes, among other things, information submitted to Exostar Sites, or to other companies via Exostar Sites.
C. Tracking Information.
When a user accesses Exostar Sites, Exostar Sites record and retain general data about the user’s use of Exostar Sites including the user’s domain name, the web page(s) from which the user entered Exostar Sites, the web page(s) which the user visited on Exostar Sites, and the amount of time the user spent on each web page of Exostar Sites (“Tracking Information”). Exostar may use third-party analytics tools to generate Tracking Information; third parties providing such tools are permitted to transfer Tracking Information only to Exostar.
D. Identity Information
For our services providing identity proofing (i.e. verification) and credentialing, we collect various information associated with the individuals whose identities are being checked (“Identity Information”). Identify Information differs depending upon the type and level of proofing, and may include Registration Information, Tracking Information, user ID numbers associated with proofing, government-issued ID documents (e.g. passport, driver’s license), other legal documents (e.g. birth certificate, marriage license), documents regarding employment, credit history, details of physical and electronic credentials and tokens, nationality, citizenship, physical location and time zone, proofing appointment information, and proofing outcome information. Identity Information is collected in person, over video interfaces and via other forms of electronic communication.
Exostar uses Identity Information solely to provide proofing, credentialing and access services, to confirm credentials that have been issued, and to maintain the integrity of the proofing and credentialing process. We do not share Identity Information with the third parties, except as specified in section 2.C of this Policy or with the consent of the user to which the Identify Information relates.
Exostar uses “cookies”—small files stored in user web browsers—to improve the functions of Exostar Sites, including optimizing presentation of information, streamlining the log-in process, and recording user preferences. Cookies may store Personal Information including browser information, IP address and username. Please see https://www.wikihow.com/Disable-Cookies regarding how to disable cookies. However, if a user disables cookies, he/she may not be able to log into or use certain features of Exostar Sites.
F. Other Information.
2. SHARING OF INFORMATION WITH THIRD PARTIES
Exostar shares Personal Information with certain third parties as described below, and takes responsibility for such sharing as provided in this Policy and applicable law.
A. Exostar Services.
The Exostar Portal and Exostar collaboration services are designed to be used for sharing information (including Personal Information) with third parties. Exostar enables such sharing to the extent authorized by each user and/or their company.
B. Aggregated Data.
Exostar may process and disclose information in aggregated form (based on Personal Information held by Exostar) that does not reasonably identify, the Subscriber, an individual user, or specific user transaction on Exostar Sites (“Aggregated Data”), including: (i) providing information regarding trends, purchasing patterns and retail intelligence and research; (ii) performing its obligations under agreements with third party licensors or other users; (iii) internal record keeping and reporting by Exostar; (iv) measuring the performance of third-party licensors and service providers; and (v) reporting performance and other statistical information concerning Exostar Sites.
Exostar may disclose Personal Information to third parties who support Exostar services, with appropriate agreements to ensure the information is used only for such service support and in accordance with this Policy.
D. Disclosure Under Law.
Exostar may disclose Personal Information if Exostar is required to make such a disclosure under applicable laws, or to report a violation or suspected violation of applicable laws to appropriate governmental authorities.
E. Sale of Company.
3. OPTING OUT
- To opt out of the User Directory, the case subject line should state “Opt Out Directory” and the message to support field shall include the Exostar-issued ID number;
- To opt out of receiving marketing communications from Exostar, the case subject line should state “Opt Out Communications” and the message to support field shall include the Exostar-issued ID number (if applicable); and
- To opt out of both of the above, the case subject line should state “Opt Out All” and the message to support field shall include the Exostar-issued ID number (if applicable).
Notwithstanding any such opt-out request, Exostar reserves the right to continue to process user data for purposes related to Aggregated Data as set out in section 2.B. If an opt out would impair the user’s ability to use Exostar services or the integrity of Exostar services, Exostar may contact the user or the user’s employer to discuss and possibly limit the scope of the opt out.
4. RETENTION OF INFORMATION
Exostar applies the following policies on retention of Personal Information:
- Registration Information, User Information, Tracking Information and Other Information associated with a user account may be retained for up to 3 years from account deletion. Some such information (including payment information, recently accessed sites and certain access credentials) is deleted immediately upon account deletion. If Personal Information of one user is associated with or stored on the account of a second user, the retention periods will be those for the account of the second user.
- Identity Information used for proofing is retained for 7.5 years after the credential to which the proofing relates is revoked or expires.
- Cookies are stored on user computers, and may be deleted at any time by the user (see section 1.E above).
- Digital certificates and any data that contains Personal Information that is not included in any other format listed in this Policy are retained for no longer than two years.
When data is deleted from Exostar operating systems, it may remain in our back-up storage for a period of 11 years.
5. ACCESS TO, CORRECTION AND DELETION OF PERSONAL DATA
Users may request access to, correction or deletion of your Personal Information held by Exostar. Exostar may choose not to delete Personal Information where the data is necessary to the integrity of Exostar services or to the operation of services provided by Exostar to other users. EU customers of Exostar have certain rights to restriction of data processing and data portability to other service providers. Users may exercise any of these rights by following the process set forth at http://www.myexostar.com/Online-Support/.
Exostar uses extensive technological and organizational measures to protect Personal Information and other data from unauthorized disclosure, alteration, or destruction. However, data security presents many risks, and Exostar cannot guarantee that information will be 100% secure. Exostar relies on customers to select secure passwords, to protect those passwords, and to use appropriate security software on their devices. Please contact Exostar with any information regarding unauthorized use of Exostar Sites or other Exostar services.
7. TRANSFER TO UNITED STATES; EU COMPLIANCE
Exostar is based in the United States, and information collected by Exostar is usually transferred to, processed, and/or stored in the United States. These transfers are authorized as follows:
- Business Customers. Our customer contracts include standard contractual clauses for controller-to-processor transfers approved by the European Commission, with the customer as controller and Exostar as processor. See https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en for further information.
- Individuals. For certain services that involve direct collection of Personal Information from individuals (e.g. identity proofing), we obtain explicit consent to transfer of Personal Information to Exostar in the United States.
Exostar complies with the EU General Data Protection Regulation with respect to our activities in the EU and European Economic Area.
8. UPDATES TO THIS POLICY
From time to time, Exostar may update this Policy to reflect changes in the law, changes in Exostar’s services, or for other reasons. If Exostar makes material changes to the Policy, Exostar will notify its users of the updated Policy by posting it on www.exostar.com and via http://www.myexostar.com/Online-Support/.
9.CONTACT INFORMATION AND YOUR RIGHTS
If you have inquiries or complaints about this Policy or your Personal Information, you should first contact the office of the Exostar chief privacy officer. If Exostar receives a written complaint, we will contact the person who made the complaint to follow up. Further contact information for our US and UK offices is available at https://www.exostar.com/contact/.
Exostar works with the appropriate regulatory authorities to resolve any complaints regarding Personal Information that we cannot resolve with our customers and users directly. If you are a EU/EEA customer of Exostar, you may also have the right to complain to the data protection authorities in your country, and, under certain conditions, to invoke binding arbitration.