Last updated: 03/01/2016
This policy is intended to inform users of our policies and procedures regarding the collection, use, and disclosure of personally identifying information received through our Website, Portal, and other online services. This policy may be updated from time to time for any reason, at our sole discretion. We will notify you of any significant changes to this policy and changes to the way we use your information by posting the new policy on our Website. You are advised to consult this policy regularly for any changes. By using or accessing the Website, you are accepting the practices described in this policy, and you are consenting to our processing of your information as set forth in this policy now and as amended by us. This policy was inspired by the guidelines from eTrust and the privacy policies of Google, Webtrends, and New Relic. Thank you.
If you have any questions or comments about this policy, please contact us at firstname.lastname@example.org or write to us at:
317 SW Alder Street, Suite 650
Portland, OR 97204 USA
In case of a dispute, eTrust is available to you as a third party. In this case you should contact eTrust at http://www.etrust.org/about/privacy_contact.php or mail at:
eTrust Privacy Officer
616 Corporate Way
Suite 2 #4000
Valley Cottage NY 10989
Cedexis collects non-personally-identifying information about visits to the Website, such as the browser used, referring site, and the time and date of each web request. We collect this information to understand how visitors use the Website. From time to time, we may release non-personally-identifying information in the aggregate, such as by publishing reports on usage trends. We also collect traffic data, like IP addresses. Cedexis does not use such information to identify its visitors and does not disclose such information other than under the circumstances described below.
Additional information, including an e-mail address, is collected from Portal users. We collect only such information as is needed to identify a Portal user and verify their authorization for the Portal, except as described below in Financial Information in the case of making payments through the Portal. Portal users in the same customer account have access to each other’s email addresses. Personally identifying information cannot be viewed or updated for users in other customer accounts. The Portal distributes a Portal user’s username and password via email upon account sign-up and if specifically requested by the user.
Cedexis Radar and Cedexis Openmix
Cedexis Radar and Cedexis Openmix are services provided by Cedexis to our customers and partners in order to measure and improve Internet user experience. As part of operation, these services collect information, such as the user’s IP address, time of visit, and the browser’s User-Agent, to inform network routing choices and other service decisions. This data is not correlated to additional personally identifiable information. IP address information that is made available to our customers and partners as part of reporting is anonymized. From time to time, we may release non-personally-identifying information in the aggregate, such as by publishing reports on trends.
If desired, users can opt-out of all Cedexis Radar measurement activity by enabling the Do Not Track configuration setting in their browser. If Do Not Track is enabled in the browser, Radar will not collect analytics data nor any identifiable information about the user to be used as part of any aggregated performance measurements.
Protection of Personally Identifying Information
Cedexis undertakes industry standard security measures to protect data, such as encryption (e.g. SSL) and physical security, to guard against unauthorized access to data and systems where data is stored. These measures include automated systems as well as a security awareness guide for Cedexis personnel.
Cedexis shares potentially personally identifying and personally identifying information only with our contractors and affiliated organizations that need to know that information to support Cedexis services. Any such contractor or affiliated organization has agreed not to disclose it to others. The contractors or affiliated organizations may be located outside of your home country – by using Cedexis services, you consent to the transfer of such information to them. We do not rent or sell potentially personally identifying and personally identifying information to anyone, and we take all reasonable measures to protect it. If Cedexis becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, we will ensure the confidentiality of any personal information involved in such transactions. Personal information may be disclosed to judicial or other government agencies subject to warrants, subpoenas, or other governmental orders.
Access to personally identifying information by Cedexis personnel is limited by industry standard encryption and authentication mechanisms such as SSL and strong passwords. In the event Cedexis personnel leave the company or should no longer have access to personally identifying information, their access to personally identifying information is revoked immediately.
In the event of a security breech which compromises personally identifying information we will notify affected users within 30 days of detection and explain the nature of the breech, when the breech occurred, information about the data compromised, and any steps the user should take.
Data Retention and Disaster Recovery
Data is backed up and distributed among our geographically dispersed data centers in case of catastrophic failure. Integrity of these backups and the procedures for recovering from catastrophic failure are verified on a regular basis.
Cedexis Openmix and Cedexis Radar logs are kept for at least 13 months after use of the service. Upon Portal account termination, information is retained for at least one year from the time of termination. If you would like this Portal account-related information expunged more quickly, please send us a request specifying your preference.
Some Cedexis services require payment that may be taken through the Portal using credit card information. Cedexis does not store this personal financial information in its systems and relies on the services of Zuora for customer financial information storage (if any). Zuora’s security policy is available at http://zuora.com/privacy.html.
Cedexis functionality and content are directed toward and designed for use by persons aged 13 or older. We do not solicit or knowingly collect personally identifiable information from children under the age of 13. If we discover that we have received personally identifiable information from an individual who indicates that he or she is, or whom we otherwise have reason to believe is, under the age of 13, we will delete such information from our systems.
In accordance with our commitment to protect personal privacy, Cedexis complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Cedexis has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. These principles and FAQs may be found at: http://www.export.gov/safeharbor
The EU Safe Harbor program is due to be superseded by the EU Privacy Shield later this year.
You can use the Cedexis Portal to review and change the personally identifying information stored by Cedexis. If you change your mind about the use of information volunteered by you, please send us a request specifying your new choice.