Excelsoft's Privacy Policy Statement
- Introduction
- Contact Us
- Definitions
- Scope
- Privacy Policy Updates
- How We Use the Data We Collect
- Protection and Security
- Compliance with Data Protection Laws
- Use of the Products/Services by Minors
- International transfers
- Data Retention
- Cookies
- Marketing and Advertising
1. Introduction
Excelsoft Technologies (referred to herein as “we” or “us” or “Excelsoft”) is a Business-to-Business (B2B) company. Our digital learning and assessment products /services are being used worldwide by acclaimed educational publishers, universities/schools, licensing/awarding bodies, as well as government, defense, and corporate sectors. Excelsoft respects the privacy of its customers and their end-users and is committed to protecting confidential data.Excelsoft has been certified with ISO/IEC 27001:2013 certification and has in place policies and processes for Information Security in line with ISO 27001:2013.
2. Contact Us
Please contact Excelsoft Privacy Policy Support (espps@excelsoftcorp.com) for any questions or concerns about this privacy policy.
3. Definitions
Given below are definitions of some of the terms used in this privacy policy.
- “Customer" means a purchaser of Excelsoft’s products/services to conduct online learning and assessments. Our typical customers include, but are not limited to, educational publishers, universities/schools, licensing/awarding bodies, as well as government, defense, and corporate sectors.
- “End-User" (or “End User") means an individual or an entity authorized by Excelsoft’s “Customer" to access the products/services licensed for usage by the “Customer." This includes, but is not limited to, a student, an instructor, a trainer, a teacher, an employee, an institution, and a university.
- “Website Visitor” is someone who views/goes to our website to know more about our products/services.
- “Social Media Visitor” or “Social-Media Visitor” is someone who views/goes/comments on our social media pages.
- “You” or “Your” can be a customer or end-user or website visitor or social-media visitor.
- “Identity Data” includes first name, last name, username, email address, and organization/school name, organization/school code and title.
- “Contact Data” includes business contact details like business address, business email, and business contact numbers.
4. Scope
4.1 Customer and End-User
Being a B2B company, we are entrusted with the data of our customers and their users. We employ up-to-date best in class data protection technologies and comply with standard data protection policies to reduce the risk of unauthorized access to our customers and their users’ data. We do not share data across our customers for any reason.
4.2 Employees of Excelsoft
All employees in Excelsoft are bound by confidentiality, non-disclosure, and IP protection clauses within their employee Agreement, which is as stringent or more stringent than similar non-disclosure protections we enter contractually with our customers. Role and access control policies define access to all the servers and applications, and any employee will have only such access as are essential to perform the duties required as outlined in the contract with every customer. Only authorized employees with a reasonable need related to their job duties will have access to customer and end-user information as defined in the contract with each customer (For example, to investigate a production incident).
Excelsoft regularly conducts a privacy awareness training program for all its employees to reinforce the importance of data protection and security. Employees who violate our policies are subject to disciplinary action, up to and including termination.
4.3 Business Partners and Vendors
We maintain contractual data security, confidentiality, and privacy obligations with our partners and vendors necessary for the performance of any contract we enter into with them or you. Our data security agreements with our business partner/vendors are as stringent or more stringent than the similar agreements we enter contractually with our customers.
4.4 Others
This privacy policy also covers, but not limited to (a) anyone browsing our websites, (b) receiving our newsletters or promotions, (c) visiting/commenting our social media posts, and (d) anyone using an online/digital trial version of our products/services.
5. Privacy Policy Updates
Last Updated: This privacy policy was last updated on 24-Nov-2022.
Please note that we regularly review our privacy practices and that these practices are subject to change. Any change, update, or modification will be effective immediately upon posting on this webpage. You can know if the privacy policy has changed since the last time you reviewed it by checking the “Last Updated" included at the beginning of this section (“Privacy Policy Updates”). By continuing to use our products/services (as a customer or an end-user), you are confirming that you have read and understood the latest version of this privacy policy. We recommend you return to this page periodically to ensure familiarity with the most current version of this privacy policy.
6. How We Use the Data We Collect
The use of data we collect depends on your relationship or purpose of your online interactions with us. Please refer to the below subsections to learn more.
6.1 Customer
We will collect and store limited personal information about the relevant contacts at our customer companies for invoicing, notification of product updates and maintenance, and similar purposes. Such information is shared only with the authorized Excelsoft employees with a reasonable need to perform some of the jobs mentioned above (ex: invoicing, project management, deploying product updates, etc.).
Product/services licensed by the customer will be deployed on machine instances owned either by the customer or by Excelsoft on-premise or on cloud services as per customer requirements. Where permitted by our customer, an in-house security team performs Vulnerability Analysis/Penetration Testing and certifies each customer’s release or deployment. Excelsoft also engages external auditors to have its applications tested from a security perspective, and implement any recommendations.
Any data, including question items, or learning content, special algorithms, etc., provided explicitly by a customer are considered customer’s IP and are not used or shared with any other customers. Excelsoft generally maintains specific non-disclosure agreements/clauses related to these in the Agreement with customers.
Customers can request to have an exclusive instance of the content repository and application servers (where no other customer’s data is stored), or may use shared machine or application instances (based on contract). In either situation, Excelsoft will have access provided to employees only on a need-to-know basis. No customer can view or access any other customer’s data.
Role and access control policies define access to all servers and applications, and any employee will have only such access as are essential to perform the duties required as outlined in the contract with that customer. For example, unless agreed with the customer, Excelsoft employees will not have continuous access to production servers if the customer manages servers on their own. On a need-to basis and for specific tasks and roles required, Excelsoft will seek and get credentials needed to perform the function post which these credentials are disabled. Where Excelsoft manages the application, hosting, and all server access, the access is limited to very few employees who are trained to perform specific tasks. For example, the DB administrator will have only DB server access and not App server access. Also, the DB administrator will not have the key for reading encrypted content. All accesses are on a need basis only.
We may disclose customer information, as requested or authorized by a customer or as required by an applicable governmental agency or authority, for administrative, audit, evaluation, or other purposes.
Excelsoft may use and disclose customer information to law enforcement and other regulatory officials to investigate and address suspected illegal conduct prohibited under the law of the corresponding jurisdiction.
Learn more about our approach to data protection and security in Protection and Security section.
6.2 End-User
Our customers decide how we should use their end-user information. We provide most of our products/services to end-users of our customer as a so-called ‘data processor’ on behalf of our customer. Therefore, the primary responsibility for data privacy compliance lies with the customer as a ‘data controller.’ It also means that the customer’s privacy statement governs the use of their end-user information (instead of our privacy statement). Our customer determines what end-user information we collect through our products and services, and we process collected data according to customer’s instructions and as per the terms of our contracts with the customer. We use the end-user information in accordance with our agreement with the customer to operate, maintain, and provide the features and functionality of the products and services. We also use the end-user information to perform analytics functionalities as directed by the customer.
Where required, our products/services may transfer the end-user’s information to third-party tools/partners as requested, authorized, and approved (written approval) by the customer. After the authorized transfer of the data to customer-selected third-party tools/partners, usage of the data by third-party tools/partners (of the customer) is outside the scope of Excelsoft Privacy Policy.
End-user information (as authorized and limited by end-user) can be collected directly from the end-user using the forms/interfaces of our products/services. It can also be collected indirectly through authorized data sources supplied securely by the customer, and received and processed securely by our products/services.
Application and system logs are critical to ensuring the delivery, availability and security of our products/services. Excelsoft automatically collects log data related to end-user interaction with our products/services. This data may include browser type, type of computer/device and technical information about the end-user means of connection to the products/services, such as operating system, internet service provider, and IP address. This data is collected and used for support purposes and to monitor the health of the products/services, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale the computing resources for the product/services. Data for application/system logs are collected using automated technologies or during end-user interaction with the products/services.
We may use and disclose end-user information, as requested or authorized by an Institution or by an applicable governmental educational agency or authority, for administrative, audit and evaluation purposes.
Excelsoft may use and disclose end-user information to the law enforcement and other regulatory officials to investigate and address suspected illegal conduct prohibited under the law of the corresponding jurisdiction.
Learn more about our approach to data protection and security in Protection and Security section.
6.3 Website and Social Media Visitors
Excelsoft uses the following methods to collect Identity/Contact data from a website/social-media visitor: direct interactions and indirect/automated technologies or interactions.
Direct Interactions: We collect your Identity or Contact Data by using forms or surveys on our website or social media posts.
Indirect/Automated Technologies or Interactions: As you interact with our website and social media pages, we automatically collect information about the pages you visit and how you access and use our websites using cookies and third-party analytics tools. Data collected can be used for analytics such as to collect visitor information, such as browser types, operating systems, device types, referring pages, pages visited, and time spent on a particular site. Depending on your device settings, we may also collect information about your geographical location.
Given below are some of the primary reasons for collecting the information from our websites and social media pages:
- Direct marketing of our products/services to you
- To deliver relevant website content and advertisements
- When you wish to contact us to inquire about our product/services
- When you wish to participate in an Excelsoft promoted competitions or surveys
- When you want to contact us to give us feedback/suggestions
- To analyze usage information for sales and marketing purposes and for trends about our visitors and their demographics and how they use our websites.
- For some of our posts, we also use your information to personalize the pages, which is necessary to provide more contextually relevant information as you browse our websites.
Learn more about our use of cookies in our Cookies section
7. Protection and Security
To protect information from unauthorized access, use, and disclosure, Excelsoft maintains a comprehensive information security program and employs reasonable and appropriate physical, administrative, and technical safeguards. Excelsoft performs periodic risk assessments of its information security program and prioritizes remediation of identified security vulnerabilities.
Some of our protection and security best practices include, but not limited to:
- All critical data is encrypted and stored securely in the Database.
- All our products/services use Secure Socket Layer (SSL) to transfer data over the wire. SSL is a secure protocol developed for sending information securely over the Internet.
- Our products/services are accessible via only HTTPS (HTTP with SSL) protocol for in-transit security for data /information transactions over the network.
- Our products/services generate an audit trail of all activities done by logged-in users, including administrators. Audit reports, system logs can be exported in a suitable format for forensic analysis.
- Our products/services are compliant with the Open Web Application Security Project (OWASP) Core Rule Set to offer baseline protection against most of the common web vulnerabilities
- In case the customer feels there is a need for additional security measures, Excelsoft can work closely with the IT security staff/auditor as authorized by the customer to implement any recommendations.
- We deploy our production applications on customer’s owned data centers or on either Microsoft Azure or Amazon Web Services (AWS) cloud services depending on the type of product, service, and contract. The network architecture will be designed to block unauthorized traffic to and within data-centers, using a variety of technologies such as firewalls, partitioned local area networks (LANs), and the physical separation of back-end servers from public-facing interfaces.
8. Compliance with Data Protection Laws
Excelsoft is committed to delivering its products/services by complying with all data protection laws as required by the corresponding jurisdiction (GDPR, CCPA, FERPA, COPPA, etc.).
9. Use of the Products/Services by Minors
The use of our products/services by a minor (end-user) of our customer is subject to the consent provided by the customer (For example, schools/institutions/organizations). We advise the schools/institutions/organization (customer) who permit their children to use our products/services that it is essential that they communicate with their children about their safety online. Minors who are using the platform should be made aware of the potential risks to them and of their obligation to comply with our products/services terms. However, Excelsoft will comply with all applicable provisions of required child protection acts as required by the corresponding jurisdiction. Excelsoft will abide by the definition of the minor as defined by the corresponding jurisdiction.
10. International transfers
Excelsoft will NOT transfer any personally identifiable information outside the jurisdiction of where your data is agreed to be stored as part of the agreement. Data that is not personally identifiable may be transferred to and stored at a location outside your country/continent of residence for purposes of providing services to our Customer (For example, to perform load tests or other services, or where a customer has end users in multiple countries and the data can only be stored in one location). It may also be processed by staff operating outside your country of residence to perform, among other things, the provision of support services. By using the products or services of Excelsoft, you agree to this transfer, storing or processing. Specific contracts may include further restrictions on other data movement. We will take all reasonable steps necessary to ensure that your data is treated securely and in accordance with this privacy notice.
All information you provide to us is stored on our secure servers or those of our service providers. Where we have given you (or where you have chosen) a password/access code, which enable you to access certain parts of our products/services, you are responsible for keeping this password/code confidential. We ask you not to share your password with anyone.
11. Data Retention
We will only retain your information for as long as necessary to fulfil the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements Cookies.
12. Cookies
Our products/services/websites might use cookies to distinguish you from other users/visitors of our products/services/websites. Cookies help us to provide you with a good experience when you use our products/services/websites, and also allows us to improve their user experience/performance. You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our products/services/websites or the complete products/services/websites may become inaccessible or not function properly.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience.
Our products/services/websites set cookies which remain on your computer or device for differing times. Some expire at the end of each session, and some stay for longer so that when you return to our products/services, you will have a better user experience.
We may use any or all of the following cookies:
Strictly necessary cookies. These are cookies that are required for the operation of our Platform. They include, for example, cookies that enable you to log into secure areas of our website and navigate between pages.
Analytical/performance cookies. They allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it, links clicked, etc. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies. These are used to recognize you when you return to our website. This enables us to personalize our content for you and remember your preferences (for example, your choice of language or region).
Cookie related details are provided in the Cookie Policy
13. Marketing and Advertising
Excelsoft will not use end-user information for any marketing purposes and will not knowingly direct or send marketing communications to and-user. We conduct marketing to promote our products and services. This marketing is generally aimed at the staff of our current and potential customers and partners. When we hold or sponsor events and webinars, we will collect information about attendees, such as the session they attend and their contact details, to provide them with relevant product information and other Excelsoft related information. We may use vendors to help us organize and conduct campaigns, events, and other aspects of marketing. We will share with them only the necessary information and ensure that they are following our strict requirements for vendors. For example, we will receive information from some third parties about how well an online marketing or email campaign performed.