Privacy Policy

Last update: May 16, 2022

 

Introduction

 

We, Expedia Solutions Specialist Inc, is committed to protect and respect your personal data privacy.

These Privacy Terms sets out the basis on which any personal data that we receive from you, gather from you, or process for you, will be used by us. It applies to any data gathered from email sent to us and other subscription link provided found by visiting our site www.exssi.com and fb account Expedia Solutions Specialist Inc.

For the purposes of abiding with the Data Privacy Act 2012, in the cases where we gather data through our websites and marketing campaigns, we are the "Personal Information controller". In the case of the data that clients use in any of our learning platforms, we are the "Personal Information Processor".

 

Information we may collect from you

 

Through our websites and Contact details

 

You may give us information about yourself by corresponding with us by email, phone or otherwise (we only correspond by phone in the case of support and other product services). This includes information you provide when you register and subscribe to use the learning platforms administered by us and communications with our support and product team.

The information you give us may include your name, email address, phone/mobile number, job role, institution type, institution name, institution website, institution size, username, password, portal URL, and portal name. During our onboarding process, we may also collect information regarding your e-learning challenges, what you wish to achieve through our platforms, and the expected usage of our platforms.

 

How do we use your data

 

Data collected through our websites or registration/subscription to our learning platforms

 

The data provided by users when registering to use our learning platforms is used in the following ways:

• To send informative emails for the users on the 14-day free trial

• To send the monthly newsletter to all free trial users and paying clients

• To send product updates to all users

• Information provided by users on the free trial can also be used for marketing campaigns that might be suited for them such as invitations to webinars and events, content marketing campaigns, campaigns to convince users to upgrade to a paid plan, marketing research campaigns related to our platforms and industry, etc.

• Information provided by paying clients can also be used for marketing campaigns that might be suited for them such as invitations to webinars and events, content marketing campaigns, marketing research campaigns related to our platforms, campaigns to gather product feedback, etc.

• Phone numbers collected through our automated phone system on our websites are stored in Nextiva and we do not store this data on our company servers. When contacting us through our phone system users agree to give their phone number and we only use phone numbers to respond to inquiries that come through our websites. Paying customers sometimes may require phone support and we provide that service, but we only use the phone numbers provided by clients with their consent.

 

Data hosted by clients on our platforms

 

Our clients are fully responsible for the data hosted on our platform and how they use it. In this case, they are the "Personal Information Collector" and we are the "Personal Information Processor". We only collect the data that clients use when registering for our administered platforms, which is usually the administrator account of the platform. Clients decide the type of user data they upload and use in our platform and if they want to use our platforms to collect more user data, by allowing users to self-register for their portals.

 

How long do we store data

 

Client data such as registration details, company details, data stored by the client in our learning platforms, are stored as long as the client is registered to use our learning platforms, In the case of free demo account, after the 14-day free trial if the user does not upgrade to a paid plan, their registration is terminated and we delete their data permanently.

Personal data gathered through marketing campaigns and website forms (such as contact forms on our websites) is stored until the user decides that they don't want to receive updates from us anymore. We use email marketing to communicate with these contacts and there is an "Unsubscribe" option available in each email. If a person does not interact with our marketing campaigns for a period longer than one year, we will delete the contact information from our database.

Blog subscribers receive blog updates until they decide to stop their subscription. The "Unsubscribe" option is available in each blog update we send out.

Mobile numbers are stored in our Support contact database as long as needed and the person can message or contact our support team to request update and deletion.

 

Where do we store data

 

Clients' data is stored on the Amazon servers in Frankfurt, and data sent to us separately via email attachment and social media accounts is stored in our admin digital data storage.

 

Security measures implemented in our Principal learning platforms

 

Our learning platforms include the following security mechanisms to protect its members and their resources: passwords, walled communities, authenticated resource access, secure profiles, secure messaging, communications monitoring, secure e-commerce, secure storage, secure servers. All communications are over HTTPS, all personal passwords are encrypted with individual SALT values, we use a rate limiter to prevent script kiddies or malicious attackers from overwhelming the system, our Amazon servers are hosted in their own VPC (virtual private cloud), and all remote ssh logins are protected using public/private keys. We conduct regular security audits and run daily security tools on our site to automatically detect and report security issues. You can easily prevent selected users from logging in, revoke their access rights, or delete them entirely if necessary. You can configure your site security policies to specify which operations can be performed by specific account types.

 

We provide Policy documents for our clients to use on their portals. This feature gives clients the framework to create documents that describe their privacy policy and require users to accept their privacy policy.

 

How do we use data shared through Online Google Drive and Social Media accounts.

 

We use the information provided by users such as their email address, portal ID and other provided information for authentication and validation of the user. We don't alter in any way the user data and we only store the data in our system if the user wants this, and we do not use user data in any other way.

 

Compliance

 

Expedia Solutions Specialist Inc, complies with the Data Privacy Act 2012 set forth by National Privacy Commission, regarding the collection, use, and retention of personal information from the Philippines, Expedia Solutions Specialist, Inc., has certified that it adheres to the DPA 2012 Principles of notice, choice, transfer, security, data integrity, access, and enforcement.

 

Should you have any questions regarding the management and handling of your personal information,

you may contact the Data Privacy Officer via mobile: +639178917232 and email: dpo@exssi.com