What this policy covers

Your privacy is important to Xyleme, and so is being transparent about how we collect, use, and share information about you. This policy is intended to help you understand:

• What information we collect about you
• How we use information we collect
• How we share information we collect
• How we store and secure information we collect
• How to access and control your information
• Other important privacy information

This Privacy Policy covers the information we collect about you when you use our products or services, or otherwise interact with Xyleme (for example, by downloading a white paper), unless a different policy is displayed.

This policy also explains your choices about how we use information about you.  Your choices include how you can object to certain uses of information about you and how you can access and update certain information about you.  If you do not agree with this policy, do not access or use our Services or interact with any other aspect of our business.

We provide our Services exclusively to organizations (clients) with whom we have a current Services Agreement (contract); said client owns and controls the information (data) stored, processed and utilized by Xyleme.

What information we collect about you

We collect information about you when you provide it to Xyleme and when you use our Services.

Information you provide to Xyleme

We collect information about you when you input it into the Services or otherwise provide it directly to Xyleme.

Account and Profile Information: We may collect information about you when your employer creates an account, request access to support resources (such as our Training Portal or User Forum), added to notification lists (release, system alert), and when you log an issue ticket.  You also have the option of adding a display name, profile photo, job title, and other details to your User Forum and triage system profile.  These are visible to anyone authorized to view your account.  In some cases, your employer may provide personal information such as name, email, region, department, or supervisor to use for authenticating, reporting, and setting permissions.

Content you provide through our products: The Services include the Xyleme products you use, where we collect and store content that you post, send, receive and share. This content includes any information about you that you may choose to include. Examples of content we collect and store include:

• content stored in Studio and CDS,
• comments added to Review Sessions,
• comments added to documents stored in CDS,
• course progress, questions responses, and scores, and
• Information used to authenticate and set permissions (examples include: name, email, region, department, supervisor)

Content you provide through our websites: The Services also include our websites owned or operated by Xyleme. We collect other content that you submit to these websites, which include social media or social networking websites operated by Xyleme. For example, you provide content to Xyleme when you provide feedback or when you participate in any interactive features, surveys, contests, promotions, activities or events.

Information you provide through our support channels: The Services also include our customer support, where you may choose to submit information regarding a problem you are experiencing with a Service.  Whether you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly or otherwise engage with our support team, you will be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.

Payment Information:  If you are a designated billing representative we collect contact information including name, job title, email, and phone number.

Information we collect automatically when you use the Services

We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services.

Your use of the Services: We keep track of certain information about you when you visit and interact with any of our Services. This information includes the features you use; the links you click on; the type, size and filenames of attachments you upload to the Services; frequently used search terms; and how you interact with others on the Services.  We also collect information about the support content you view such as the content name, how long you interacted with the content, and answers to assessment and knowledge check questions. 

Cookies and Other Tracking Technologies: Xyleme uses cookies to provide functionality and to recognize you across different Services and devices.

Other users of the Services: Other users of our Services may provide information about you when they submit content through the Services.  For example, you may be mentioned in an issue ticket opened by someone else.  We also receive your email address from other Service users, when provided, to invite you to the Services.

Other services you may link to your account: We receive information about you when you or your administrator integrate or link a third-party service with our Services.  For example, if you create an account or log into the Services using your SSO credentials, we receive your name and email address as permitted by your SSO profile settings to authenticate you.

Other Partners: We do not receive or share information about you with our partners except for co-sponsored events (such as a webinar) where you have volunteered your information.

How we use information we collect

How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us.  Below are the specific purposes for which we use the information we collect about you:

To provide the Services and personalize your experience: We use information about you to provide the Services to you, including processing transactions with you, authentication when you log in, providing customer support, and operation and maintenance of the Services.

For research and development:  We are always looking for ways to make our Services smarter, faster, more secure, integrated, and useful to you.  We use collective learnings about how people use our Services and feedback provided directly to Xyleme to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Services.

To communicate with you about the Services: We use your contact information to send transactional communications via email and within the Services, including responding to your comments, questions and requests, providing customer support, and sending you technical notices, updates, security alerts, and administrative messages.  We send email notifications when you or others interact with you on the Services, for example, when you are @mentioned on a page or ticket or when a task is assigned to you. We also provide tailored communications based on your activity and interactions with Xyleme.  Additionally, we send you communications as you onboard to a particular Service to help you become more proficient in using that Service.  These communications are part of the Services and in most cases you cannot opt out of them.

To market, promote and drive engagement through our website and Services: We use your contact information and information about how you use the website and Services to send promotional communications that may be of specific interest to you.  These communications are aimed at driving engagement and maximizing what you get out of the Services, including information about new features, survey requests, newsletters, and events we think may be of interest to you.  These communications are directly from Xyleme to you and will never include any third party.

Customer support: We use your information to resolve technical issues you may encounter, to respond to your requests for assistance, to analyze crash information, and to support, repair and improve the Services.

For safety and security: We use information about you and your Service use to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of Service policies.

With your consent: We use information about you (where you have given Xyleme consent to do so) for a specific purpose not listed above.  For example, we may publish testimonials or featured customer stories to promote on our website, with your permission.

Legal basis for processing (for EEA users):

If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal basis for doing so under applicable EU laws.  The legal basis depends on the Services you use and how you use them. This means we collect and use your information only where:

• We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
• It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
• You give Xyleme consent to do so for a specific purpose; or
• We need to process your data to comply with a legal obligation.

If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place.  Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.

How we share information we collect

Sharing with other Service users

When you use the Services, we share certain information about you with other Service users.

Content metrics:  We collect information about the content that is created, including:

• Created by
• Last modified by
• Comments provided during a Review Session
• Content owner

We collect information about how content was published:

• Published by
• Uploaded by (CDS)

We collect information about how content is consumed:

• Experienced by
• Time spent on page
• Question responses
• Assessment scores
• Document comments on CDS

For collaboration: You can create content, which may contain information about you, and grant permission to others to see, share, edit, copy and download that content based on settings you or your administrator (if applicable) select.  Some of the collaboration features of the Services display some or all of your profile information to other Service users when you share or interact with specific content.  For example, when you comment on a Confluence page or Jira issue, we display your profile picture and name next to your comments so that other users with access to the page or issue understand who made the comment.  Similarly, when you publish a Confluence page, your name is displayed as the author of that page, and Service users with permission to view the page can view your profile information as well.

Community Forums:  Our User Forums allows you to connect with other users to solicit and share information. You should be aware that any information you provide on this site – including profile information associated with the account you use to post the information – may be read, collected, and used by any member of the User Community with access to the site.  Your posts and certain profile information may remain even after you terminate your account. We urge you to consider the sensitivity of any information you input into these Services. To request removal of your information from publicly accessible websites operated by Xyleme, please contact Xyleme as provided below. In some cases, we may not be able to remove your information, in which case we will let you know if we are unable to and why.

Service Providers: We work with third-party service providers to provide website and application development, hosting, maintenance, data backup and storage, virtual infrastructure, payment processing, analysis and other services for Xyleme, which may require them to access or use information about you.  If a service provider needs to access information about you to perform services on our behalf, they do so under specific instruction and close supervision from Xyleme, including policies and procedures designed to protect your information.

Engagement Activity:  We collect information about your visits to our website (including the typical web metrics such as pages visited and time on page), whitepapers and other information that you may download, the webinars and other events that you may attend.   By providing contact information to access website assets, you are opting in to receive follow-up marketing information.  You have the option to opt-out at any time.

With your consent: We share information about you with third parties, when you give Xyleme consent to do so.  For example, we often display personal testimonials of satisfied customers on our public websites. With your consent, we may post your name alongside the testimonial.

Business Transfers: We may share or transfer information we collect under this privacy policy in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice on the Services if a transaction takes place, as well as any choices you may have regarding your information.

How we store and secure information we collect

Services Information storage and security

We use Amazon Web Services (AWS) to host the information we collect, and we use technical measures to secure your data.  For more information on where we store your information, please see our Cloud hosting infrastructure page.

While we implement industry best-practices and safeguards designed to protect your information, including encryption of in-transit data and at-rest data, it is not possible to ensure absolute data security.  Due to the inherent risks of the Internet, we cannot guarantee that data, during transmission via the Internet or while stored on our systems or otherwise in our care, is 100% safe from intrusion.
Marketing Information storage and security

We use Salesforce.com Cloud Services to track marketing contacts and campaigns.  You can view their policy here.  https://www.salesforce.com/gdpr/overview/

How long we keep information

How long we keep information we collect about you depends on the type of information, as described in further detail below.  After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.

Account information: We retain your account information for as long as your account is active, and for a reasonable period thereafter in case of future Services reactivation.  We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services – not to specifically analyze personal characteristics about you.

Information you share on the Services: If your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow your team members or other users to make full use of the Services.  For example, we will continue to display messages you may have sent to other users, and will continue to display content you provided.

Marketing information: If you have elected to receive marketing emails from Xyleme, we retain information about your marketing preferences for a limited period of time, starting from the date you last expressed interest in our Services (such as when you last opened an email from Xyleme or ceased using your Xyleme account).  We retain information derived from cookies and other tracking technologies for a limited period of time, from the date such information was created.

How to access and control your information

You have certain choices available to you when it comes to your information. Below is a summary of those choices, how to exercise them, and any limitations.

Our platform is intended for use by organizations. Where the Services are made available to you through an organization (e.g. your employer), that organization is the administrator of the Services and is responsible for the accounts and/or Service sites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization’s policies.

Administrators may:

• require you to reset your account password;
• restrict, suspend or terminate your access to the Services;
• access information in and about your account;
• access or retain information stored as part of your account;
• install or uninstall third-party apps or other integrations

In some cases, administrators can also:

• restrict, suspend or terminate your account access;
• change the email address associated with your account;
• change your information, including profile information;
• restrict your ability to edit, restrict, modify or delete information

Changes to our Privacy Policy

We may change this privacy policy from time to time. We will post any privacy policy changes on this page.  We encourage you to review our privacy policy whenever you use the Services to stay informed about our information practices and the ways you can help protect your privacy.

If you disagree with any changes to this privacy policy, you will need to stop using the Services and deactivate your account(s), as outlined above.

P