RFID Retail Checkout Solutions

PRIVACY POLICY / EXO Solutions Inc

Updated August 8, 2023

This Privacy Policy includes important information about your personal data and we encourage you to read it carefully.

EXO Solutions Inc, a South Carolina limited liability company (“EXO”, “we”, “our” or “us”), develops, markets, sells and services RFID hardware and software systems for stores and retail checkout. Businesses of all sizes (each, a “Customer”) use our hardware, software and services (our “System”) to expedite retail checkout. We care about the security and privacy of the personal data that is entrusted to us.

This Privacy Policy (this “Policy”) describes the Personal Data (as hereinafter defined) that we collect about you, how we use it, how we share it, your rights and choices, and how you can contact us about our privacy practices. This Policy also outlines your data subject rights, including the right to object to some uses of your Personal Data by us. As used in this Policy, “Personal Data” means any information that relates to an identified or identifiable individual, and can include information about how you engage with our System (e.g., device information, IP address). Under this Policy, EXO acts as a “data controller” or “data processor”, depending on the activity.

  1. Personal Data That We Collect And How We Use And Share It
    • Personal Data That We Collect.
      • Generally. When signing up to access or when using the System, EXO may collect your name, email address, phone number, mailing address or other identifying information from you.
      • Online Activity Personal Data Collection. Depending on how you access or interact with our System, we may collect information about devices and browsers across our System as well as third-party websites, apps and other online services. Usage data associated with those devices and browsers, including IP address, plug-ins, language used, time spent on the System, pages visited, links clicked, and the pages that led or referred you to the System.
      • Communication and Engagement Information. We will collect any information you choose to provide to us, for example, through support tickets, emails or social media. When you respond to EXO emails or surveys, we collect your email address, name and any other information you choose to include in the body of your email or responses. If you contact us by phone, we will collect the phone number you use to call EXO, as well as other information you may provide during the call. We will also collect your engagement data such as your registration for, attendance of, or viewing of EXO events and other interaction with EXO personnel.
      • Forums and Discussion Groups. Where our System allows you to post content, we will collect Personal Data that you provide in connection with the post.
    • How We Use And Share Personal Data.
      • Generally. We use your Personal Data to allow you to access and use the System, including security, delivery, support, personalization and messages related to the System. We also use your Personal Data for our fraud detection and mitigation business services and may share certain Personal Data with our Customers that you may seek to do business with. The use of this Personal Data is subject to the Customer’s privacy policies. We may also use your Personal Data to assess your eligibility for and offer you other services. With your permission or where allowed by law, we use and share Personal Data with others so that we may market our System to you. We do not share Personal Data with third parties for their marketing or advertising unless you give us or the third party permission to do so. We do not sell your Personal Data.
      • Improving and Developing our System. We use analytics in our System to help us analyze your use of our System and diagnose technical issues. We also collect and process Personal Data to improve our System, develop new services and support our efforts to make our System more relevant and more useful to you.
      • Communications. We will use the contact information we have about you to allow you to connect with and use the System, which may include sending codes via SMS to authenticate you. We may communicate with you using the contact information we have about you to provide information about our System and our Customers’ services, invite you to participate in our events or surveys, or otherwise communicate with you for our marketing purposes, provided that we do so in accordance with applicable law, including any consent or opt-out requirements.
      • Social Media and Promotions. If you choose to submit Personal Data to us to participate in an offer, program or promotion, we will use the Personal Data you submit to administer the offer, program or promotion. Based on your permission or opt-out, we will also use that Personal Data and Personal Data you make available on social media to market to you.
      • Fraud Prevention and Security. We collect and use Personal Data to help us to detect and manage the activity of fraudulent and other bad actors across our System, to enable fraud detection, and to otherwise seek to secure our System and transactions against unauthorized access, use, modification or misappropriation of Personal Data or information. In connection with fraud and security monitoring, prevention, detection, and compliance activities for EXO and its Customers, we may receive information from third parties about IP addresses that malicious actors have compromised. This Personal Data (g., name, address, phone number, country) helps us to confirm identities and prevent fraud.
      • Compliance with Legal Obligations. We use Personal Data to meet our contractual and legal obligations. We strive to make our System safe, secure and compliant, and the collection and use of Personal Data is critical to this effort.
      • EXO Affiliates. We share Personal Data with other EXO affiliated entities. When we share with these entities, it is for purposes identified in this Policy.
      • Service Providers or Processors. In order to provide the System to you and our Customers and to communicate, market and advertise our System, we will rely on others to provide us services. Service providers provide a variety of critical services, such as hosting (storing and delivering), analytics to assess the speed, accuracy and/or security of our System, identity verification, customer service, email and auditing. We authorize such service providers to use or disclose the Personal Data of our users that we make available to perform services on our behalf and to comply with applicable legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. Our service providers are predominantly located in the United States of America, the European Union, and India.
      • Corporate Transactions. In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may share Personal Data with third parties in connection with such transaction. Any other entity which buys us or part of our business will have the right to continue to use your Personal Data, but subject to the terms of this Policy.
      • Compliance and Harm Prevention. We share Personal Data as we believe necessary: (i) to comply with applicable law; (ii) to enforce our contractual rights; (iii) to secure or protect the System, rights, privacy, safety and property of EXO, you, our Customers, or others, including against other malicious or fraudulent activity and security incidents; and (iv) to respond to valid legal process requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.
    • Minors. The System is not directed to minors, including children under the age of 13, and we request that they do not provide Personal Data through the Services. In some countries, we may impose higher age limits as required by applicable law. We do not sell any Personal Data, including those aged between 13 to 16.
  2. Legal Bases For Processing Data. For the purposes of the General Data Protection Regulation (the “GDPR”), we rely upon a number of legal bases to enable our processing of your Personal Data.
    • Contractual and Pre-Contractual Business Relationships. We process Personal Data for the purpose of entering into business relationships with prospective Customers and users and to perform the respective contractual obligations that we have with these Customers and users. Activities include creation and management of accounts and account credentials, including the evaluation of applications to commence or expand the use of our System.
    • Legal Compliance. We process Personal Data to verify the identity of our users in order to comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity.
    • Legitimate Business Interests. Where allowed under applicable law, we rely on our legitimate business interests to process Personal Data about you. The following list sets out the business purposes for which we have a legitimate interest in processing your data: (i) determine eligibility for and offer new EXO and Customer products and services; (ii) respond to enquiries, send notices and provide customer support; (iii) promote, analyze, modify and improve our System and develop new products and services, including reliability of the System; (iv) manage, operate and improve the performance of our System by understanding their effectiveness and optimizing our digital assets; (v) analyze and advertise our System; (vi) conduct aggregate analysis and develop business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of, our business; (vii) share Personal Data with third party service providers that provide services on our behalf and business partners which help us operate and improve our business; (viii) enable network and information security throughout our System; and (ix) share Personal Data among our affiliates.
    • Consent. We may rely on consent to collect and process Personal Data as it relates to how we communicate with you and for the provision of our System. When we process data based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on such consent before the consent is withdrawn.
  3. Your Rights and Choices. You may have choices regarding our collection, use and disclosure of your Personal Data:
    • Opting Out Of Receiving Electronic Communications From Us. If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails. We will try to comply with your requests as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, our Customers may still send you messages and direct us to send you messages on their behalf.
    • Your Data Protection Rights. Depending on your location and subject to applicable law, you may have additional rights described with regard to the Personal Data we control about you, including without limitation: (i) the right to request confirmation of whether EXO processes Personal Data relating to you, and if so, to request a copy of that Personal Data; (ii) the right to request that EXO rectifies or updates your Personal Data that is inaccurate, incomplete or outdated; (iii) the right to request that EXO erase your Personal Data in certain circumstances provided by law; (iv) the right to request that EXO restrict the use of your Personal Data in certain circumstances, such as while EXO considers another request that you have submitted (including a request that EXO make an update to your Personal Data); (v) the right to request that we export your Personal Data that we hold to another company, where technically feasible; (vi) where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time; and/or; (vii) where we process your information based on our legitimate interests, you may also have the right to object to the processing of your Personal Data. Unless we have compelling legitimate grounds or where it is needed for legal reasons, we will cease processing your information when you object.
    • Process For Exercising Your Data Protection Rights. To exercise your data protection rights please contact us as described below.
  4. Security And Retention. We make reasonable efforts to provide a level of security appropriate to the risk associated with the processing of your Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data covered by this Policy against unauthorized access, destruction, loss, alteration or misuse. Personal Data is only accessed by a limited number of personnel who need access to the information to perform their duties. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. To help us protect personal data, we encourage you to use a strong password and never share your password with anyone or use the same password with other sites or accounts. If you have reason to believe that your interaction with us is no longer secure (g., you feel that the security of your account has been compromised), please contact us immediately. We retain your Personal Data as long as we are providing the System to you or our applicable Customer (as applicable) or for a period during which we reasonably anticipate providing the System. We also retain your Personal Data in order to comply with our legal and regulatory obligations. We may also retain it to allow for fraud monitoring, detection and prevention activities. We also keep Personal Data to comply with our tax, accounting, and financial reporting obligations. In cases where we keep Personal Data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
  5. International Data Transfers. We are a global business. Personal Data may be stored and processed in any country where we do business or where our Customers or service providers do business. We may transfer your Personal Data to countries other than your own country, including to or outside of the United States. These countries may have data protection rules that are different from your country. When transferring data across borders, we take measures to comply with applicable data protection laws related to such transfer. In certain situations, we may be required to disclose Personal Data in response to lawful requests from officials such as law enforcement or security authorities.
  6. Updates And Notifications. We may change this Policy from time to time to reflect new services, changes in our privacy practices or relevant laws. The “Last updated” legend at the top of this Policy indicates when this Policy was last revised. Any changes are effective when we post the revised Policy on our website. We may provide you with disclosures and alerts regarding the Policy or Personal Data collected by posting them on our website or by contacting you through your email address and/or the physical address listed in your EXO account. If applicable law requires that we provide notice in a specified manner prior to making any changes to this Policy applicable to you, we will provide such required notice.
  7. Jurisdiction-Specific Provisions.
    • Australia. If you are an Australian resident, and you are dissatisfied with our handling of any complaint you raise under this Policy, you may wish to contact the Office of the Australian Information Commissioner.
    • EEA and UK. To exercise your rights, you may contact our DPO. If you are a resident of the EEA and believe we process your information within the scope of the GDPR, you may direct your questions or complaints to the Irish Data Protection Commission. If you are a resident of the UK, you may direct your questions or concerns to the UK Information Commissioner’s Office.
    • United States – California. If you are a consumer located in California, we process your personal information in accordance with the California Consumer Privacy Act (“CCPA”). You have a right to receive notice of our practices at or before collection of personal information. This section provides additional details about the personal information we collect and use for purposes of CCPA.
      • How We Collect, Use, and Disclose your Personal Information. The Personal Data We Collect section further describes the personal information we may have collected about you, including the categories of sources of that information. We collect this information for the purposes described in the How We Use Personal Data section. We share this information as described in the How We Disclose Personal Data section.
      • Your CCPA Rights and Choices. As a California consumer and subject to certain limitations under the CCPA, you have rights and choices regarding our use and disclosure of your personal information. The CCPA provides that you may not be discriminated against for exercising these rights. To submit a request to exercise any of the rights described below, please contact us using the methods described in the Contact Us section below. You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us. Further, to provide or delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law. We will verify your request by asking you to send it from the email address associated with your account or requiring you to provide information necessary to verify your account. An authorized agent may submit a request on your behalf by contacting us using the methods described in the Contact Us section below. We may still require you to directly verify your identity and confirm that you provided the authorized agent permission to submit the request.
        • Exercising The Right To Know. You may request that we disclose to you the personal information we have collected about you. You also have a right to request additional information about categories of their personal information collected, sold, or disclosed; purposes for which this personal information was collected or sold; categories of sources of personal information; and categories of third parties with whom we disclosed this personal information.
        • Exercising The Right To Delete. You may request that we delete the personal information we have collected from you, subject to certain limitations under applicable law.
        • Exercising The Right To Opt-Out From A Sale. We do not sell Personal Data as defined by the CCPA and have not done so in the past 12 months.
  1. Contact Us. If you have any questions or complaints about this Policy, please contact us at sales@exocheckout.com. Please refer to the privacy policy or notice of the Customer for information regarding the Customer’s privacy practices, choices and controls, or contact the Customer directly