DATA PROCESSING ADDENDUM

Privacy and Data Protection PolicyXtype.IO Ltd. (“us”, “we" or “our”) operates this website (the “Website”) and the related propriety Enterprise Application Lifecycle Management Services which are provided under separate agreement (the “Subscription Services”, and collectively with the Website, the “Services”).

We value your privacy and have posted this Privacy Policy to inform you of our practices regarding the collection, use and disclosure of personally identifiable information which we collect or are provided with in connection with your use of the Services (hereinafter, “Personal Data”).

By using the Services, you agree to the collection and use of information (including, without limitation, Personal Data) in accordance with this Privacy Policy.

We collect several different types of data for various purposes to provide and improve our Services to you.

Processing of any Personal data collected from our customers in the framework of our Services is subject to terms of the Data Processing Addendum located at https://www.xtype.io/dpa.html (“DPA”).

The Personal Data You Provide

While using our Services, we may ask you to provide us with certain Personal Data, which may include, but is not limited to:

(i) Email address

(ii) First name and last name

(iii) Phone number

(iv) Address, State, Province, ZIP/Postal code, City

(v) Demographic Information

(vi) Information concerning professional background

(vii)Billing Information

When you contact us, or when we contact you, we may receive and process any Personal Data that you provide us.

Though you are not required by law to provide us your Personal Data, failing to provide us with any necessary Personal Data might jeopardize our ability to provide you with essential services. We will not use or disclose your Personal Data for purposes other than those specified in this Privacy Policy.

The Personal Data that we collect

When you access our Services, our servers log certain 'traffic/session' information from your device, such as the country from which you use the Service, the browser type, operating system, geo-location and the Internet Protocol (IP) address. We also collect information about your activity, for example your log-in and log-out time, the duration of sessions, viewed webpages or specific content on webpages, etc. ("Usage Data").We do not collect any Personal Data of our customer’s end users, however we may collect Personal Data (such as the log-in details) of our Customers’ personnel in connection with provision of our Services.

Aggregated and Analytical Information

We may use Google Analytics and additional or other analytics tools, from time to time, to learn about how users use the website and Subscription Services, in support of our Service-related activities and operations. The privacy practices of these tools are subject to their own privacy policies and they use their own cookies to provide their service (for further information about cookies, please see the ‘Cookies’ section in this policy).

For further information about the Google Analytics privacy practices, please read their Privacy Policy at: https://policies.google.com/privacy?hl=en

You can also read How Google uses data when you use Google partners’ sites or apps at: https://policies.google.com/technologies/partner-sites

We reserve the right to use anonymous, statistical or aggregate data for any purpose, including, but not limited to, improving the content of our Website and the functionality of our Service, marketing, and analyzing the use of our Website and our Services. We may also disclose such anonymous aggregate information to our partners or third-party service providers, excluding any Personal Data, except as otherwise provided in this Privacy Policy

Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on our Services and hold certain information.

Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Services.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Services.

You can find more information about cookies and other online tracking technologies through the US Federal Trade Commission and the EU Commission websites.

If you wish to learn more about the types of cookies that we and our service providers use, and the ways these cookies are used, please contact us at: compliance@xtype.io.

What we do with your Personal Data

We use the Personal Data we collect and receive to provide you with Services, to study and analyze the functionality of our Services, to analyze users' activities, and to maintain, develop and improve our Services.

We may use your email address, and other contact information you provide, to contact you when necessary, to send you reminders and to provide you information and notices about our Services and the products and services of our commercial partners.

We obey the law and expect you to do the same. If necessary, we may use your Personal Data to enforce our terms, policies and legal agreements, to comply with court orders and warrants and assist law enforcement agencies, to collect debts, prevent fraud, misappropriation, infringements, identity thefts and any other misuse of our Services, and to take any action in any legal dispute and proceeding.

Sharing Personal Data with Others

We will not share, sell, rent or lease your Personal Data, except subject to the terms of this Privacy Policy, or subject to your prior consent.

We will share your Personal Data with service providers and other third parties as necessary to fulfill the purposes for collecting the information and deliver the Services to you. We may also share your Personal Data with our affiliates - these include any subsidiaries, sister-companies and parent companies.

Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).Additionally, circumstances may arise where we may be required to transfer your Personal Data to other entities in connection with a merger, acquisition, reorganization or sale of assets or in the event of liquidation or bankruptcy.

Removal of Personal Data from Our System

At any time, you can unsubscribe our mailing lists or newsletters, by sending us an opt-out request to: compliance@xtype.io.

At any time, you can exercise your following opt-out options: (i) object to the disclosure of your Personal Data to a third party, other than to third parties who act as our agents to perform tasks on our behalf, under our instructions, or third party publishers who received such Personal Data pursuant to the Terms and/or separate agreement with you; and (ii) object to the use of your Personal Data for a purpose that is materially different from the purposes for which we originally collected such Personal Data. You can exercise your choice by contacting us at: compliance@xtype.io Following the termination or expiration of the Services, we will stop collecting any Personal Data from or about you. However, we will store and continue using or making available your Personal Data according to our data retention section in this Privacy Policy.

“Do Not Track” Signals

We do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

Legal Basis for Processing Personal Data Under General Data Protection Regulation (GDPR)If the data protection laws of the European Union apply to you, then the following terms will apply:

Our legal basis for collecting and using the Personal Data described in this Privacy Policy (when we act as data controllers):(i)when you register to the Services we process the contact information that you provide to us, for the purpose of sending you from time to time (by email, SMS text message, telephone, post or other electronical means) information about our Services which may be important or of interest to you;(ii) when processing of your Personal Data is necessary for us to perform our agreement with you;(iii) when the processing of your Personal Data is necessary for us to comply with legal obligations to which we are subject, or to protect your and others’ vital interests;(iv)when processing of your Personal Data is necessary for legitimate interests, such as cyber security and data protection, fraud detection, service maintenance and control, support, back-up, data disaster recovery.

Processing of your Personal Data under these lawful grounds, are not subject to your consent to this Privacy Policy.

In addition to your rights under other sections in this Privacy Policy, you have the following rights:(i) to access the Personal Data as specified below;(ii) to contact us if you want to withdraw your consent to the processing of your Personal Data; exercising this right will not affect the lawfulness of processing based on consent before its withdrawal;(iii) to request to delete or restrict access to your Personal Data -  we may postpone or deny your request if your Personal Data is in current use for providing the Services (for example you have a pending claim) and/or according to other legitimate purposes such as compliance with regulatory requirements.

If you exercise one (or more) of the above-mentioned rights, in accordance with the provisions of applicable law, you may request to be informed that third parties that hold your Personal Data, in accordance with the relevant parts of this Privacy Policy, will act accordingly.(iv) you may ask to transfer your Personal Data in accordance with your right to data portability;(v) you may object to the processing of your Personal Data for direct marketing purposes;(vi) you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you and/or similarly significantly affecting you;(vii)You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).We do periodical assessments of our data processing and privacy practices, to make sure that we comply with this Privacy Policy, to update this Privacy Policy when needed, and to verify that this Privacy Policy is displayed properly and accessible.

A summary and further details about your rights under the European Union data protection laws, is available on the European Commission’s website at: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en

Accessing Your Personal Data

At any time, you may contact us at: compliance@xtype.io   and request to access the Personal Data that we keep about you. Note that when you send us a request to exercise your rights, we will need to reasonably authenticate your identity and location. We will ask you to provide us credentials to make sure that you are who you claim to be and may ask you further questions to understand the nature and scope of your request.

If you find that the Personal Data on your account is not accurate, complete or updated, then please provide us the necessary information to correct it.

If you’d like us to delete Personal Data that you have provided, please contact us at: compliance@xtype.io and we will respond in a reasonable time.  Please be advised that we may retain and use your Personal Data as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.  In addition, after we delete your Personal Data, residual copies may take some time before they are deleted from our active servers and may remain in our backup systems.

This deletion will not change or delete Personal Data which may have already been shared with third parties, as permitted in this Privacy Policy or any other agreement between you and us.

If you have any concerns about the way we process your Personal Data, you are welcome to contact our data protection team at: compliance@xtype.io.  We will look into your enquiry and make good-faith efforts to resolve any existing or potential claim you may have. If you remain unsatisfied with our response, you may also refer the matter to the relevant supervisory authority.

Retention of Data

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of the Services, or when we are legally obligated to retain this data for longer time periods.

Transfer of Data

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

We store and process information in Amazon AWS US East and EU regions where our clusters run.

If you are a resident in a jurisdiction where transfer of your Personal Data to another jurisdiction requires your consent, then you provide us your express and unambiguous consent to such transfer. You can contact our data protection team at: compliance@xtype.io for further information about data transfer.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Data Security

We will use our best efforts to protect the confidentiality of your Personal Data. We use reasonable data security measures in line with industry standards. We also adopted strict rules that include technical and physical administrative measures for protecting your Personal Data, including protecting against Personal Data misuse and against unauthorized hacking.

Although we make efforts to protect your privacy, we cannot guarantee that the Service will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse. Should, despite of our security measures, a security breach occur that is likely to result in a risk to the data privacy of a data subject, we will inform the relevant data subjects and other affected parties, as well as relevant authorities when required by applicable data protection and privacy laws, about the security breach as soon as reasonably possible.

Service Providers

We may employ third party companies and individuals to facilitate our Services, to provide the Services on our behalf, to perform Service-related services or to assist us in analyzing how our Services are used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Links to Other Websites

Our Service may contain links to other websites that are not operated by us. If you click on a third- party link, you will be directed to that third party's website. We strongly advise you to review the privacy policy of every website you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party websites or services.

Children's Privacy

We do not knowingly collect Personal Data from anyone under the age of 18. By Agreeing to this Privacy Policy, you indicate that you are over the age of 18 and you consent also to the process the Personal Data of your children or legal dependents under the age of 18 (if applicable) in accordance to this Privacy Policy. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us.

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us at compliance@xtype.io.

Data Controller: xtype.IO Ltd.

Address: Avshalom Haviv 4, 6949503, Tel Aviv, Israel

Phone: +1 920 709 8645

EU representative: compliance@xtype.io

Data Protection Officer: compliance@xtype.io

LAST UPDATED: May 3, 2023

Are you ready to transform your ServiceNow delivery process?

Loved by Developers, Trusted by Businesses