This Privacy Policy informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the websites, functions and content associated with it, as well as external online presences, such as our social media profiles. (hereinafter collectively referred to as "online offer"). With regard to the terms used, such as "processing" or "controller", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Person Responsible/Controller:

USA Office

Incent MR LLC

2055 Limestone RdSTE 200-C,

Wilmington, DE 19808 USA

support@surveyxa.com.

+1 302-725-3141

hereinafter referred to as “SurveyXa”, "we" or "us".

SurveyXa proceeds with all data processing procedures (e.g. collection, processing and transmission) in accordance with the statutory provisions of the Cyprus Law 125(I) of 2018 Providing For The Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of Such Data and in line with Regulation (EU) 2016/679 (General Data Protection Regulation).

The following provides you with an overview of the type of data collected and how it is used and passed on, the security measures SurveyXa takes to protect your data and how you can exercise your rights.

What are the relevant legal bases?

In accordance with Art. 13 GDPR the following informs you about the legal basis of us processing your data and unless the legal basis is not specifically mentioned, the following applies:

Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose. (Art. 6 Para. 1 lit. a and Art. 7 GDPR)

Contract – This is where we process your information to fulfil a contractual arrangement we have made with you. (Art. 6 Para. 1 lit. b GDPR)

Answering your business enquiries – This is where we process your information to reply to your messages, e-mails, posts, calls, etc. (Art. 6 Para. 1 lit. b GDPR)

Legitimate Interests - This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and service in the most secure and appropriate way. (Art. 6 Para. 1 lit. f GDPR). Of course, before relying on any of those legitimate interests we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.

Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime. (Art. 6 Para. 1 lit. b GDPR)

Vital interests – This is where we process your information for communications about security, privacy and performance improvements of our services. Or for establishing, exercising or defending our legal rights. (Art. 6 para. 1 lit. d GDPR)

Your Rights

GDPR Specific Rights

  1. You have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with Art. 15 GDPR.

  1. You have according to. Article 16 GDPR the right to request the completion of the data concerning you or the correction of incorrect data concerning you.

  1. In accordance with Art. 17 GDPR, you have the right to demand that data concerning you be deleted without delay or, alternatively, in accordance with Art. 18 GDPR, to demand restriction of the processing of the data.

  1. You have the right to demand that the data concerning you that you have provided to us be received in accordance with Art. 20 GDPR and to demand that it be transferred to other data controllers.

  1. You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.

  1. You have the right to revoke given consents according to Art. 7 para. 3 GDPR with effect for the future.

  1. You may object to the future processing of data concerning you in accordance with Art. 21 GDPR at any time. The objection can be made in particular against the processing for purposes of direct advertising.

If you wish to rely on any of your data subject rights or have a request, please contact us.

California Specific Rights

If you are a California resident, you have the following rights:

You have the right to:

  1. request, up to two times each year, access to categories and specific pieces of personal information about you that we collect, use, disclose, and sell.

  1. request that we delete personal information that we collect from you, subject to applicable legal exceptions.

  1. “opt out” of the “sale” of your “personal information” to “third parties”

In addition under California’s “Shine the Light” law, California residents who provide personal information (as defined in the statute) to obtain  services are entitled to request and obtain from us, once per calendar year, information about the personal information we shared, if any, with other businesses for marketing uses. If applicable, this information would include the categories of personal information and the names and addresses of those businesses with which we shared such personal information for the immediate prior calendar year (e.g., requests made in the current year will receive information about the prior year). To obtain the information about data we hold about you or to effect the opt out, please contact us.

What are the purposes for processing?

  • Provision of the online offer, its contents and the website functions.
  • Provision of contractual services, service and customer care.
  • Answering contact enquiries and communication with users.
  • Marketing, advertising and market research.
  • Security measures.

What Personal Data is Collected?

Information you provide to us

When you participate in, access, request or use to any of our services, activities or online content, we receive personal information about you which we use to provide these services. This may consist of data such as your name, email address, postal address and telephone number.

Content you share with us        

When you contact us and when you share comments and other content with, us we may receive personal information about you.

Information collected online

We automatically collect personal data (technical and usage) when you browse or interact with our website, by using cookies, and other similar technologies. We may also receive technical data about you if you visit other websites which use our cookies.

Email communications        

We use web beacons in our emails to track the success of our marketing campaigns. If you open an email from us, we can see which of the pages of our website you visited. Our web beacons don’t store any information on your computer but communicate with our cookies and tell us when you have opened an email from us.

Data collected is linked, for example if you have used our service and later choose us again, we will link your data and treat that linked data as Personal Data.

How personal data is collected

We collect personal data in the following ways:

  1. direct interactions you may provide personal data when you complete online forms, request products/services, use our contact form or otherwise or correspond with us (by post, phone or email)

  1. automated technology we automatically collect personal data (technical and usage) when you browse or interact with our website, by using cookies, and other similar technologies. We may also receive technical data about you if you visit other websites which use our cookies.

Security Measures

We take appropriate technical and organizational measures in accordance with Article 32 of the GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk; the measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access concerning them, input, disclosure, ensuring availability and their separation.

Furthermore, we have established procedures to ensure the exercise of data subjects' rights, deletion of data, and response to data compromise. Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 GDPR).

When do we disclose your Personal Data?

We disclose your Personal Data in response to your business enquiry or your request for information within our Company in order to provide the best service possible and within our legitimate interest.

We may share your information with organisations that help us provide the services described in this policy and who may process such data on our behalf and in accordance with this policy, to support this website and our services. For example, with our legal other professional advisors.

In relation to information obtained about you from your use of our website, we may share a cookie identifier and IP data with analytic and advertising network services providers to assist us in the improvement and optimisation of our website which is subject to our Cookies Policy.

We may disclose personal information in other circumstances such as when you agree to it or if the law, a Court order, a legal obligation or regulatory authority ask us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our right, property or personal safety of our staff, the website and its users.

If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, pursuant to Art. 6 para. 1 lit. b GDPR is necessary for the performance of a contract), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, hosting providers, tax, business and legal advisors, customer care, accounting, billing and similar services that allow us to efficiently and effectively fulfill our contractual obligations, administrative tasks and duties).

If we entrust third parties with the processing of data on the basis of a so-called "processing agreement", this is done on the basis of Art. 28 GDPR.

Transfers To Third Countries

If we process data in a third country (outside the USA, the EU or India) or if this happens in the context of using third-party services or disclosing, or transferring data to third parties, this will only happen if it is done to fulfill our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests.

Subject to legal or contractual permissions, we process or allow the processing of data in a third country only if the special requirements of Art. 44 et seq. GDPR are met. I.e. the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

How Long Do We Keep Your Data

The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated in this Privacy Policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.

Business Analyses And Market Research

In order to operate our business economically and to be able to recognize market trends, customer and user wishes, we analyze the data we have on business transactions, contracts, inquiries, etc.. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of Art. 6 para. 1 lit. f. GDPR, whereby the data subjects include customers, interested parties, business partners, visitors and users of the online offer. The analyses are carried out for the purpose of business management evaluations, marketing and market research. In doing so, we may take into account the profiles of registered users with details of, for example, their purchase transactions. The analyses serve us for the increase of the user friendliness, the optimization of our offer and the business management. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with aggregated values.

If these analyses or profiles are personal, they will be deleted or anonymized upon termination of the user, otherwise after two years from the conclusion of the contract. Otherwise, the overall business analyses and general tendency analyses shall be prepared anonymously, if possible.

Credit Information

If we provide advance services, we reserve the right to obtain identity and credit information for the purpose of assessing the credit risk on the basis of mathematical-statistical methods from specialized service providers (credit agencies) in order to protect our legitimate interests.

We process the information received from the credit agencies about the statistical probability of a payment default within the framework of an appropriate discretionary decision about the establishment, implementation and termination of the contractual relationship. We reserve the right to refuse payment on account or any other advance payment in the event of a negative result of the credit check.

The decision as to whether we provide advance services shall be made solely on the basis of an automated decision in individual cases, which our software shall make on the basis of the information provided by the credit agency, in accordance with Article 22 of the GDPR.

If we obtain explicit consent from you, the legal basis for the transmission of the customer's data to the credit agencies is consent pursuant to Art. 6 (1) lit. a, 7 GDPR. If no consent is obtained, our legitimate interests in the default security of their payment claim is the legal basis pursuant to Art. 6 para. 1 lit. f. GDPR.

Contacting Us

When contacting us (via contact form or e-mail), the user's details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6 (1) lit. b) GDPR.The user's details may be stored in our customer relationship management system ("CRM system") or comparable inquiry organization.

We delete the inquiries if they are no longer necessary. We review the necessity every two years; we store inquiries from customers who have a customer account permanently and refer to the information on the customer account for deletion. Furthermore, the legal archiving obligations apply.

Collection Of Access Data And Log Files

We collect on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR, we collect data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of seven days and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident.

Online Presences In Social Media

We maintain online presences on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR, we maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.

Unless otherwise stated in our data protection policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.

Integration Of Services Of Third Parties

We use within our online offer on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use content or services offered by third-party providers in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content").

This always requires that the third-party providers of this content are aware of the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus required for the display of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.

The following presentation provides an overview of third-party providers and their content, along with links to their data protection policies, which contain further information on the processing of data and, in part already mentioned here.

Web Hosting Providers

Digital Ocean

Analytics and Tracking

Active Campaign

Widgets

reCAPTCHA

Affiliate Marketing Programs

CintAB

Access

If you are a registered user, you may access certain information associated with your Account by logging into our Services or emailing us. If you terminate your Account, any public activity on your Account prior to deletion may remain stored on our servers and may remain accessible to the public.

To protect your privacy and security, we may also take reasonable steps to verify your identity before updating or removing your information. The information you provide us may be archived or stored periodically by us according to backup processes conducted in the ordinary course of business for disaster recovery purposes. Your ability to access and correct your information may be temporarily limited where access and correction could: inhibit our ability to comply with a legal obligation; inhibit our ability to investigate, make or defend legal claims; result in disclosure of personal information about a third party; or result in breach of a contract or disclosure of trade secrets or other proprietary business information belonging to us or a third party.

Please contact us at any time if you would like to find out what personal data we are storing about you or if you would like to have it corrected or deleted. Furthermore, you have the right to restrict processing (Art. 18 GDPR), the right to object to processing (Art. 21 GDPR) and the right to data portability (Art. 20 GDPR). In these cases, please contact us directly.

Accuracy

It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.

Children Data

Our website is not intended for children and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us and we take the necessary steps to remove that information from our server.

Processing of special categories of data

No special categories of data are processed.

Am i Obliged To Provide Data?

The processing of your data is necessary for the conclusion or fulfilment of the contract you have entered into with us. If you do not provide us with this data, we will usually have to refuse to conclude the contract or will no longer be able to perform an existing contract and consequently have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant for the fulfilment of the contract or that is not required by law.

Changes And Updates To This Privacy Policy

We ask you to regularly inform yourself about the content of our data protection policy. We adapt this Privacy Policy as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

Cookies

What are cookies?

Cookies are small text files sent to your device by the Site. Cookies are uploaded onto your device, thus allowing the Site to recognize you and store certain information concerning you, in order to permit or improve the service offered. A cookie will usually contain the name of the website from which the cookie has come from, the "lifetime" of the cookie (i.e. how long the cookie will remain on your device), and a value, which is usually a randomly generated unique number.

As regards the lifetime of cookies, two types of cookies may be used, "session cookies" and "persistent cookies". Session cookies are automatically deleted at the end of your browsing session. Persistent cookies remain longer on your device, for the duration of each specific cookie, and will remain valid until its set expiry date (unless deleted by the user before the expiry date).

Cookies can be used by web servers to identify and track users as they navigate different pages on a website and identify users returning to a website. Cookies do not contain any information that personally identifies you, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

We also use other types of tracking technologies, such as flash cookies, server logs, web beacons or pixel gifs  in connection with our Website and services. These technologies are similar to cookies in that they are stored on your device and can be used to maintain information about your activities and preferences.

What types of cookies does the Site use and what are they for?

We may use different types of cookies. We may use what we call "required" cookies to enable core site functionalities, such as logging-in and completing an Order for Products. These cookies do not collect personal information for marketing purposes and can not be disabled.

Functional cookies provide more advanced functions, such as remembering log-in details, remembering what is in your shopping cart and remembering your preferences such as language and country, analyzing Site usage to measure and improve performance. Also these cookies do not collect information that can identify users.

Advertising cookies may be finally used to keep record of certain behaviours or preferences expressed by you, so as to present content that is more relevant to your interests, in compliance with the applicable data protection and privacy laws and upon collection of your express consent if required by law.

In any case, our cookies do not run programs on users' device nor upload viruses on it, and do not allow any kind of control over the device.

Cookies commonly used on this Site are listed in the table below. From time to time, we may also use additional cookies and tracking technologies not listed in this table. You may obtain an updated list of all cookies and tracking technologies used on this Site at the time of your visit upon request by contacting us.

Cookie (Google Analytics): _gid; _ga;

When you visit the Site, you may receive cookies from third party websites or domains. We do not control the placing of these cookies and you should check the relevant third party's website for more information about these cookies. The relevant third party is responsible for providing you with information regarding the cookies they place and obtaining your consent before placing cookies on your device.

How can you control cookies?

Your cookie preferences

By clicking the "cookie preferences" button on the Site's Cookie Banner, you may choose whether the Site will use "Functional" cookies and/or "Advertising" cookies, as described above.

The "cookie preferences" function available on the Site's Cookie Banner will inform you of which functionalities are available to you or not depending on the types of cookies you choose to authorize the Site to use.

Browser settings

If you wish to withdraw your consent to our use of cookies on this Site, or if you wish to delete or control the placing of cookies on your computer, you can also change your browser settings to block cookies or to alert you when cookies are being sent to your device. There are a number of ways to manage cookies. Please refer to your browser instructions or help screen to learn more about how to adjust or modify your browser settings at: Internet Explorer ,  Chrome,  Firefox,  Safari

If you disable the cookies that the Site uses, this may impact your experience while on the Site.

You can also delete cookies already stored on your computer. Again, doing this may have a negative impact on the usability of many websites.

If you disable the cookies that the Site uses, this may impact your experience while on the Site.

You can also delete cookies already stored on your computer. Again, doing this may have a negative impact on the usability of many websites.

Personal Identity Information (PII) Statement

Commercial Partners: Individual(s) or companies that have been approved by us as a recipient of organizational PII and from which SurveyXa has received confirmation of their data protection practices conformance with the requirements of this policy. Commercial Partners include all external providers of services to SurveyXa and include proposed Commercial Partners. No PII information can be transmitted to any vendor in any method unless the vendor has been pre-certified for the receipt of such information.

PII Training: All new hires entering SurveyXa who may have access to PII are provided with introductory training regarding the provisions of this policy, a copy of this policy and implementing procedures for the department to which they are assigned. Employees in positions with regular ongoing access to PII or those transferred into such positions are provided with training reinforcing this policy and procedures for the maintenance of PII data and shall receive annual training regarding the security and protection of PII data and company proprietary data

PII Audit(s): SurveyXa conducts audits of PII information maintained by SurveyXa in conjunction with fiscal year closing activities to ensure that this policy remains strictly enforced and to ascertain the necessity for the continued retention of PII information. Where the need no longer exists, PII information will be destroyed in accordance with protocols for destruction of such records and logs maintained for the dates of destruction.

Data Breaches/Notification: Databases or data sets that include PII may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, SurveyXa will notify all affected individuals whose PII data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible.

Confirmation of Confidentiality: All company employees must maintain the confidentiality of PII as well as company proprietary data to which they may have access and understand that that such PII is to be restricted to only those with a business need to know. Employees with ongoing access to such data will sign acknowledgement reminders annually attesting to their understanding of this company requirement.

Violations of PII Policies and Procedures: SurveyXa views the protection of PII data to be of the utmost importance. Infractions of this policy or its procedures will result in disciplinary actions under SurveyXa’s discipline policy and may include suspension or termination in the case of severe or repeat violations. PII violations and disciplinary actions are incorporated in SurveyXa’s PII onboarding and refresher training to reinforce SurveyXa’s continuing commitment to ensuring that this data is protected by the highest standards.

Changes

This Policy and our commitment to protecting the privacy of your personal data can result in changes to this Policy. Please regularly review this Policy to keep up to date with any changes.

Queries and Complaints

Any comments or queries on this policy should be directed to us using the following contact details.

Incent MR LLC

2055 Limestone RdSTE 200-C,

WilmingtonDE 19808 USA

support@surveyxa.com.

+1 302-725-3141

If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.