Exa Corporation, a Delaware Corporation headquartered at 55 Network Dr, Burlington, Massachusetts 01803 U.S.A., (hereinafter “Exa”) processes Personal Data (as defined below) in the course of its business, including the Personal Data of people browsing the websites of Exa (the "Sites").
Personal data ("Personal Data") means any information relating to an identified or identifiable person. An identifiable person is a person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to the person.
Non-Personal Data means any information that does not result in the identification of a person.
2. DATA COLLECTED
Visitors are individuals who visit the Sites without registering themselves. Their Personal Data likely includes:
· IP and/or MAC address
· Cookies (as described in section 10); and
· any other Personal Data as may be relevant for the purposes listed below.
Personal Data collected (including from those who visit Sites and enter information) for the purposes listed below likely includes:
· first and last name;
· postal address;
· email address;
· telephone number(s);
· login and password;
· university, degree and courses taken;
· type of organization (company, school, university, etc.), organization name, organization size, department and job title;
· industry and industry sub-industry sectors;
· people to whom purchases are shipped;
· financial data (credit card number and expiry date, name and address of the cardholder);
· IP and/or MAC address;
· Cookies (as described in section 10); and
· any other Personal Data as may be relevant for the purposes listed below.
In all cases, however, the Personal Data gathered is limited to data necessary for the purposes described in Article 4 below.
For visitors and users of the Sites: in order to use certain functions and features of the Site, Exa requires that You provide certain Personal Data when visiting or using the Site. You are free to decide whether or not to provide all or part of Your Personal Data. However, if You choose not to provide all or part of this Personal Data, the purposes as described in Article 4 hereafter might not be achieved or not properly achieved, some areas and functions of the Sites may not function properly and/or You may be refused access to certain pages on the Site. In particular, You will not be authorized to purchase software licenses or other products or services via the Site.
3. PROTECTION OF PERSONAL DATA CONCERNING CHILDREN
Exa products and services are not designed to be marketed to children who are considered as minor under the applicable data protection law and Exa does not knowingly collect or store Personal Data from children under such age. For children whose usual place of residence is in the European Union, Lichtenstein, Norway or Iceland, the default age at which a person is no longer considered a child is 16 subject to local law to adjust that limit between 13 and 16.
Certain Exa products and services may be appropriate for use by children, however, in which case children below the age of consent under local data protection laws must seek consent from their parents or guardians prior to creating a Exa account or registering a product. Teachers and school administrators may act in the place of parents and guardians and provide consent for the collection of Personal Data from children (schools should always ensure that they have received permission from parents or guardians to do so).
If parents or guardians become aware that their child has provided Exa with Personal Data without their consent or without a teacher’s or school administrator’s consent, they can ask Exa to remove such Personal Data and terminate the child’s account by sending an email email@example.com.
If Exa becomes aware that it has collected Personal Data from a child below the age of consent under local data protection laws without consent from a parent or guardian, Exa will take steps to seek the parent’s or guardian’s consent for that processing or to remove such Personal Data and terminate the child’s account.
4. PURPOSES AND LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
Whether You are a visitor or a user, Exa collects Your Personal Data for the following legal grounds and for the following purposes:
· Processing activities based on Your consent:
- To improve Your user experience;
- To recognize that You have given a Personal Data so You don't need to do it for every web page requested;
· Processing activities based on Exa’s legitimate interest:
- To enable Exa to manage surveys.
In addition, when You are a user, Exa collects Your Personal Data on the following legal grounds and for the following purposes:
· Processing activities based on Your prior consent, If required by law (e.g. You are a resident of the European Union, Liechtenstein, or Norway)::
- To enable You to request and receive information on Exa and Exa products and services from Exa or a third party engaged by Exa;
- To ascertain Your requirements and interests and provide You with the most suitable products and/or services ;
- To enable Exa to manage its marketing activities;
- To enable You to register for a seminar, webinar, or event;
- To enable You to enter a contest;
- To enable You to create a user profile. Exa provides You with the possibility of using its Sites (including forums, blogs, and networks), and Exa products and services that require You to register and create an account. User profiles provide the option to display personal information about You to other users, including but not limited to Your name, photo, social media accounts, postal or email address, or both, telephone number, personal interests, skills, and basic information about Your company. These profiles may relate to a single Site or may also allow You to access Exa products and services, or both.
Exa may provide a hashed user ID to third party operated social networks or other web offerings (such as Twitter, LinkedIn, Facebook, Instagram, or Google) where this information is matched against the social networks’ data own data bases in order to display to You more relevant information.
· Processing based on Exa’s legitimate interest:
- To enable Exa to manage its marketing activities for similar goods and products if You are already using Exa products and services;
- To manage the Exa obligations related to applicable export laws, trade sanctions, and embargoes issued, without limitation, by the European Union and its member states, and of the United States of America. This may include (i) automated checks of any user registration data as set out herein and other information You provide about Your identity against applicable sanctioned-party lists; (ii) regular repetition of such checks whenever a sanctioned-party list is updated or when You update Your information; (iii) blocking of access to Exa services and systems in case of a potential match; and (iv) contacting You to confirm Your her identity in case of a potential match;
· Processings based on the performance of a contract:
- To provide You with a personalized interactive use of the Sites;
- To allow You to open and maintain an account in order to obtain specialized documentation and technical assistance;
- To access all the features and options offered by the Sites;
- To enable You to exchange with other users of the Sites;
- To enable Exa to manage its business relationships, including sales opportunities, commercial offers, purchasing, contracts, orders, invoices, which may include conversational data triggered via chat functionalities on the Sites, contact forms, emails, and voice messaging data;
- To provide You with commercial or support-type services;
- To enable You to purchase software licenses, or products or services, download software and/or register software licenses; and
- To manage Your training and/or certification on Exa products and services. Exa may also track users’ learning progress in order to make this information available to them.
Generally, when consent is not required, You cannot opt out of non-marketing related communications that are required for the relevant business relationship. With regard to marketing-related communications (e.g., emails and phone calls), Exa will (i) where legally required, only send You such communications after You have opted in, and (ii) provide You the opportunity to opt out of receiving further marketing-related communications from Exa.
When You register for an event organized by Exa, Exa may share Your name, company, and email address with other participants and sponsors of the same event for the purpose of communication and the exchange of ideas. In addition, Exa may ask You for information about Your health for the sole purpose of identifying and being considerate of individuals who have disabilities or special dietary requirements throughout the event.
Subject to applicable local law, by providing Personal Data such as but not limited to e-mail address, You hereby expressly authorize Exa and Dassault Systèmes affiliates and subsidiaries (“3DS Group Companies”) to use it together with other relevant Personal Data to send You commercial or marketing communications. Exa might also use Your email address for administrative or other non-marketing purposes (for example, to notify You of significant changes to the Sites).
5. PERSONAL DATA RETENTION PERIOD
Exa does not store Your Personal Data for more time than necessary. Retention periods may vary depending on the data categories and the processing activities.
Where Exa is processing and using Your Personal Data as permitted by law or under Your consent, Exa will store Your Personal Data (i) only as long as required to fulfill the purposes set out above, (ii) where Exa has a legitimate interest in using Your Personal Data, until You object to Exa’s use of Your Personal Data, or (iii) where You gave Your consent, until You withdraw it. However, where Exa is required by applicable law to retain Your Personal Data longer or where Your Personal Data is required to assert or defend against legal claims, Exa will retain Your Personal Data until the end of the relevant retention period or until the claims in question have been settled.
6. TRANSFER OF PERSONAL DATA
As a member of a global group, Exa is able to use available technology to efficiently manage Personal Data and obtain such Personal Data online or otherwise throughout its affiliates’ international operations. Personal Data may be collected through the Site and subsequently disclosed to and used by a 3DS Group Company as 3DS Group Companies offer an adequate level of protection in accordance with European legislation. 3DS Group Companies’ location is available at https://www.3ds.com/about-3ds/world-presence/.
7. RIGHT TO ACCESS, TO RECTIFICATION AND OTHER RIGHTS
You have a right to access Your Personal Data. In addition, You have a right to request the rectification, completion, update or erasure of Your Personal Data. You have a right to restrict processing. You also have a right to obtain a copy of Your Personal Data stored by Exa. You have a right to object, in relation to specific processing of Your Personal Data. Additionally, You may have a right to data portability.
If You have an account, You can exercise Your rights by logging on to Your account. Otherwise, You may exercise Your rights by sending an email to the: firstname.lastname@example.org.
Depending on the scope of the request, Exa reserves the right to charge a reasonable fee to cover any out-of-pocket costs incurred in connection with such access, modification and deletion of Personal Data. Exa may deny access to Personal Data in limited circumstances, defined by applicable laws and regulations.
8. DATA RECIPIENTS
Exa will also disclose Your Personal Data to third parties if Exa determines that such disclosure is necessary for technical reasons (such as hosting services by a third party) or to protect Exa’s legal interests (such as in the event of a sale of assets to a third company, or a change of control or a total or partial liquidation of Exa).
Additionally, Exa may share Your Personal Data with the reseller assigned to You or in the territory where You are located. Exa may also share Your Personal Data with business partners when Exa and the business partner sponsor organize an event together or participate in a marketing promotion together and in which You engage.
Exa may also disclose Your Personal Data if required by law or if Exa believes in good faith that such disclosure is reasonably necessary to comply with legal process (for example, a warrant, a subpoena, or other court order) or protect the rights, property, or personal safety of Exa, Exa’s customers, or the public.
If allowed by applicable law, 3DS may also share Your Personal Data with third parties in order to offer You targeted marketing or advertising.
9. DATA SECURITY
Exa undertakes to ensure the protection and security of Personal Data that You choose to communicate, in order to ensure the confidentiality of Your Personal Data and prevent Your Personal Data from being distorted, damaged, destroyed or disclosed to unauthorized parties.
Exa maintains reasonable physical, electronic, and procedural safeguards to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction. As part of those safeguards, Exa employs sophisticated technology designed to protect Personal Data during its transmission and prevent transmission errors or unauthorized acts of third parties. However, while Exa strives to protect Your Personal Data, in light of the inevitable risks of data transmission over the internet, Exa cannot guarantee full protection against any error occurring during the course of Personal Data transmission which is beyond Exa's reasonable control.
Since all Personal Data is confidential, access is limited to employees, contractors and agents of Exa or 3DS Group Companies who have a need to know such data in carrying out their tasks. All the people who have access to Your Personal Data are bound by a duty of confidentiality and subject to disciplinary actions and/or other sanctions if they fail to meet these obligations.
However, it is important for You to exercise caution to prevent unauthorized access to Your Personal Data. You are responsible for the confidentiality of Your password and information appearing on Your account. Consequently, You must ensure that You log out of Your session in the event of shared use of a computer.
The list of cookies Exa uses and their purpose is available at: https://www.exa.com/cookies.
· improve Your user experience through, for example:
- enabling a service to recognize Your device so You don't have to give the same information several times during one task;
- recognizing that You may already have given a username and password so You don't need to do so for every web page requested;
· analyze traffic and data on the Sites to:
- measure how many people are using the Sites, so the Sites can be made easier to use and navigate and to make sure there is enough capacity to ensure the Sites have adequate response times;
- help Exa understand how users interact with the Sites so Exa can improve their functionality and performance.
Exa may also use third party services (such as Adobe Analytics, Google Analytics, Piwik, DART, LinkedIn) to perform services on its behalf, in particular to:
· analyze Your browsing habits and measure the Sites audience,
· analyze Your interests and offer You targeted marketing or advertising,
· allow You to share content from the services with other people on social networks or to let these other people know what You are looking at or what You think (e.g., the “Like” button on Facebook)
In such a case, cookies provided by such third party vendors may be used and stored. By transmitting the information generated by these cookies, the cookies’ settings ensure that an IP address is anonymized before geo-localization and before storage. Our providers will use this information for the evaluation of Your use of the Sites, compiling reports on the Sites activity for Exa, to propose better services to You that are suited to Your needs, and display advertisements You that are suited to Your needs. Cookies will not associate Your IP address with any other data they hold.
11. LINKS TO WEBSITES NOT CONTROLLED BY EXA OR ITS SUBSIDIARIES
The Sites might offer links to third party websites that may be of interest to You.
Exa does not exercise any control over the content of third party websites or the practices of these third parties in connection with the protection of Personal Data that they might collect and are thus not in the control of Exa. Consequently, Exa shall have no liability for the content of third party websites or the practices of these third parties concerning the protection of Personal Data.
It is therefore Your responsibility to inform Yourself of the privacy policies of these third party websites.
12. DISPUTE RESOLUTION
Although Exa has put in place reasonable safeguards to protect Personal Data, Exa recognizes that there is no method of transmitting or storing Personal Data that is completely secure.
However, Exa is committed to ensure the privacy of Personal Data: if You have a reason to believe that the security of Your Personal Data has been compromised or misused, You should contact Exa by sending an email to: email@example.com.
Unauthorized access to Personal Data or the improper use of Personal Data may constitute offenses under local law.
If Your usual place of residence is in European Union, Lichtenstein, Norway or Iceland, You have a right to file a complaint with Your competent data protection authority.
Please note that You may also contact 3DS Data Protection Officer via the following address: 3DS.Compliance-Privacy@3ds.com
Last modification: May 25th 2018.