Eximius BPO

Services Privacy Policy

The following sections comprise the Eximius BPO Services Privacy Policy ("Services Privacy Policy").

I. The first section (Services Personal Information Data Processing Terms) describes the privacy and security practices employed by Eximius BPO Corporation and its affiliates ("Eximius BPO") when handling Services Personal Information (as defined below) for the provision of Technical Support, Consulting, or other services (the "Services") to Eximius BPO customers ("You" or "Your") during the term of Your order for Services. Additional terms may be specified in the privacy and security practices applicable to the Services You have ordered.

Your or User contact and related information collected from the use of Eximius BPO websites, or Your or User interactions with us during the contracting process, are not included in the definitions of Services Personal Information. The handling of this information by Eximius BPO is governed by the terms of the General Eximius BPO Privacy Policy.

I. TERMS OF SERVICE PERSONAL INFORMATION DATA PROCESSING

Eximius BPO treats all Services Personal Information in accordance with Sections I and III of this Policy, as well as Your order for Services.

If the terms of this Services Privacy Policy conflict with any privacy terms incorporated into Your order for Services, including an Eximius BPO Data Processing Agreement, the relevant privacy terms of Your order for Services shall take precedence.

  • Performance of the Services

    Eximius BPO may process Services Personal Information in order to perform the Services, such as testing and applying new product or system versions, patches, updates, and upgrades, and resolving bugs and other issues You have reported to Eximius BPO.

  • Instructions from the customer

    In order to provide the services, Eximius BPO processes personal information on your behalf.Eximius BPO will process your personal information in accordance with your service order and any documented additional written instructions, to the extent necessary for Eximius BPO to comply with its processor obligations under applicable data protection law or to provide you with services. help You meet Your controller obligations under applicable data protection laws applicable to Your use of the services Eximius BPO will promptly notify you if your instructions, in our reasonable opinion, violate applicable data protection laws. Eximius BPO is not liable for conducting legal research or providing legal advice to you. There may be additional charges.

  • Individuals' rights

    End user access to Your personal information is controlled by You, and end users should direct any requests regarding their personal information to You. To the extent that such access is not available to You, Eximius BPO will provide reasonable assistance with requests from individuals to access, delete or erase, restrict, rectify, receive and transmit, block access to, or object to the processing of personal information about services on Eximius BPO systems. If Eximius BPO receives requests or inquiries from Your end users who have identified You as the controller, we will forward such requests to You without responding to the end user. 

  • Confidentiality and security

    Eximius BPO has put in place and will continue to put in place technical and organizational safeguards to prevent the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to Services Personal Information. These measures, which are generally in accordance with the ISO 27001 standard, govern all aspects of security applicable to the Services, such as physical access, system access, data access, transmission, input, security oversight, and enforcement.

    Employees of Eximius BPO are required to keep personal information confidential. Employee responsibilities include signing written confidentiality agreements, receiving regular information security training, and adhering to company policies governing the protection of confidential information.

  • Management of incidents and notification of data breaches

    Eximius BPO investigates and responds quickly to incidents that raise suspicion of or indicate unauthorized access to or handling of Services Personal Information.

    Eximius BPO will promptly notify You if Eximius BPO becomes aware of and determines that an incident involving Services Personal Information qualifies as a security breach resulting in the misappropriation or accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Services Personal Information transmitted, stored, or otherwise processed on Eximius BPO systems. 

    To the extent permitted by law, Eximius BPO will provide You with additional relevant information about the breach that is reasonably known or available to Eximius BPO as information about the breach is collected or otherwise reasonably becomes available to Eximius BPO. 

  • Subprocessors

    Eximius BPO affiliates and third party subprocessors who have access to Services Personal Information in order to assist in the provision of Services are subject to the same level of data protection and security as Eximius BPO under the terms of Your order for Services. Eximius BPO is responsible for ensuring that its subprocessors follow the terms of Your Services order.

    Eximius BPO keeps a list of Eximius BPO affiliates and subprocessors who may process Personal Information about Services. You can get more information about the Services by using the support tool.

  • Personal Information about Services is deleted or returned

    Eximius BPO will return or delete any remaining copies of Your production customer data, including any Services Personal Information, located on Eximius BPO systems or Services environments upon termination of Services, unless otherwise specified in an order for Services or required by law. The applicable Services Descriptions contain more information on data deletion functionality.

II. TERMS OF SYSTEMS OPERATIONS DATA PROCESSING

  • Personal information processing responsibilities and goals

    In accordance with Sections II and III of this policy, Eximius BPO Services Inc. and its affiliated entities are responsible for processing personal information that may be incidentally contained in system operation data. See the Eximius BPO entity list. Please choose a region and a country to view the registered address and contact information for the Eximius BPO entity or entities in that country.

    For the following business purposes, we may collect or generate Systems Operations Data:

    1. To comply with applicable laws and regulations and to operate our business, including for mergers and acquisitions, finance and accounting, archiving and insurance purposes, legal and business consulting, and dispute resolution.
    2. For the purposes of research and development, including analyzing, developing, improving, and optimizing our services;
    3. To ensure that licensing and other terms of use are followed (license compliance monitoring);
    4. To oversee the implementation of our backup disaster recovery plans and policies;
    5. To investigate and prevent potential fraud or illegal activities involving our systems and networks, including the prevention and detection of cyber-attacks and bots;
    6. To aid in the security of our services, including security monitoring and identity management;

    Where applicable, the following is our legal basis for processing your personal information:

    1. Eximius BPO may also process systems operations data as needed for compliance with our legal obligations and for the above-mentioned business operations.
    2. Eximius BPO will process Systems Operations Data as needed for internal research, technological development, and demonstration, as well as to improve, upgrade, or enhance Eximius BPO products and services based on our legitimate interests when such processing has a limited impact on the individual's privacy.
    3. Eximius BPO will process system operations data as needed to help keep our services secure, investigate and prevent potential fraud or illegal activities involving our systems and networks, administer our backup disaster recovery plans and policies, and confirm compliance with licensing and other terms of use.

  • Personal information exchange

    Eximius BPO's global organization may share personal information contained in systems operations data for business purposes. As previously stated, a list of Eximius BPO entities is available.

    We may also share such personal information with the following third parties:

    1. In the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings), we will notify relevant third parties.
    2. When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to government requests, including those from public and government authorities outside your country of residence, for national security and/or law enforcement purposes, we will disclose as required by law, such as to comply with a subpoena or other legal process.
    3. Third-party service providers (such as IT service providers, lawyers, and auditors) in order for them to perform business functions on Eximius BPO's behalf;

    When third parties are granted access to personal information contained in system operations data, we will take the necessary contractual, technical, and organizational safeguards to ensure, for example, that personal information is only processed to the extent necessary, in accordance with this Privacy Policy, and in accordance with applicable law. Eximius BPO does not share or sell System Operations Data covered by this Privacy Policy to third parties for commercial reasons.

  • Security

    Eximius BPO has put in place appropriate technical, physical, and organizational safeguards in accordance with Eximius BPO Services Inc. security practices designed to protect personal information from accidental or unlawful destruction, loss, damage, alteration, unauthorized disclosure or access, and all other forms of unlawful processing (including, but not limited to, unnecessary collection) or further processing.

III. CUSTOMER AND USER COMMUNICATIONS AND NOTIFICATIONS

  • Legal requirements

    Eximius BPO may be required by law to provide access to Services Personal Information and personal information contained in Systems Operations Data, such as to comply with a subpoena or other legal process or when we believe in good faith that disclosure is necessary to protect our rights, protect Your or a User's safety or the safety of others, investigate fraud, or respond to government requests, including those from public and government authorities outside Your or a User's jurisdiction.

    Unless otherwise required by law, Eximius BPO will promptly notify you of requests to provide access to personal information.

  • Making a formal complaint

    Please contact us if You or a User has any complaints about our privacy and security practices. Any complaints or disputes about our privacy practices will be investigated and resolved. Users may also file a complaint with a competent data protection authority.