Effective Date: April 29, 2014
Who is using your personal data?
Ebix Inc., whose registered office is at 1 Ebix Way, Johns Creek, GA, 30097 ("Ebix", "we", "us", "our"). Ebix provides on-demand infrastructure exchanges to the insurance, financial, and healthcare industries (each a "User").
Scope of this notice
Please read this notice carefully. It applies to the treatment of any information that could be used to identify you as an individual and which is collected through your use or interaction with our software products and services ("personal data"). The protection of your personal data is very important to us, and we understand our responsibilities to handle your personal data with care, to keep it secure and to comply with legal requirements.
This notice is not intended to override the terms of any contract that you or any relevant User may have with us, or that you may have with any relevant User, or any rights you might have available under applicable data protection laws.
We may make changes to this notice from time to time, for example to keep it up to date or to comply with legal requirements or changes in the way we operate our business.
We encourage you to regularly check back and review this policy so that you will always know what information we collect, how we use it, and who we share it with.
What personal data do we collect?
We will process the personal data that you provide to us and/or the User or any person acting on behalf of a User and/or which you record when using our software products and services, in particular your contact details, including your full name, job title, employment details including your employer, your business email address and telephone number and your platform log in details. In limited circumstances when you contact us for support, this might also include the limited details that you make available in relation to the issue.
We comply with the data minimization principles of data protection laws and we will not collect any personal data from you we do not need in order to provide and oversee our software products and services. In particular, we do not collect any special categories of data unless if it is contractually obligated do so, in the general course of providing services in connection with our products or through making the Website available, unless required and only when we have an appropriate legal basis to do so.
When do we collect your personal data?
We will collect information from you directly when you use the Website. To the extent permitted by law, we may also monitor and record telephone calls for training and quality assurance purposes when you call the help desk directly for user support. Information about you may also be provided to us indirectly by a User.
What purpose do we use your data for?
We need to process your contact details in order to operate our software products and services. We would like to use this information to inform you of anything that may impact your ability to make use of the services. If you do not provide this information, it may result in us being unable to provide our contractual services.
We will collect your device data to provide and operate our software products and the Website; to further develop, customize and improve our software products and the Website based on visitors' and users' common or personal preferences, to provide ongoing customer assistance and technical support; to enhance our data security and fraud prevention capabilities and to comply with any applicable laws and regulations.
We have to established a legal ground to use your personal data, so we will make sure that we only use your personal data for the purposes set out above where we are satisfied that:
- Our use of your personal data is necessary to support 'Legitimate Interests' that we have as a business (namely, to improve our products or services, to provide help or support in connection with our products and the website, to ensure that our products and the website operate efficiently and securely and to carry out analytics across our datasets), provided it is always carried out in a way that is proportionate, and that respects your privacy rights; and/or
- Our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we are subject to.
Before collecting and/or using any special categories of data we will establish an additional lawful ground to those set out above which will allow us to use that information. This additional exemption will typically be:
- your explicit consent
- Right to Opt-Out
- The establishment, exercise or defense by us or third parties of legal claims
PLEASE NOTE. If you provide your explicit consent to allow us to process your special categories of data, you may withdraw your consent to such processing at any time. However, you should be aware that if you choose to do so we may be unable to continue to provide certain services to you. If you choose to withdraw your consent we will tell you more about the possible consequences.
Where is your personal data stored?
All the personal data we process is processed by our staff in the US. For the purposes of IT hosting and maintenance of our software products, this information is located on servers within United States. We will not share your personal data outside the United States unless it is a transfer to a country which is recognized as providing an adequate level of legal protection or by ensuring that transfers are protected by contractual commitments for additional security - for example, the US - India Privacy Shield for the protection of personal data transferred to the India. In those cases you will have the right to ask us for more information about the safeguards we have put in place as mentioned above (e.g. to request a copy where the safeguard is documented, which may be redacted to ensure confidentiality).
No third parties, other than those that you chose to transact with over our products and services, have access to your personal data unless authorized by law, for example a regulatory body. We take all reasonable steps to ensure that your personal data is processed securely.
How long do we keep it?
In relation to your contact details, we will retain your data for so long as controller is contractually obligated. In some circumstances we may retain your personal data for longer periods of time, for example where we are required to do so to meet legal, regulatory, tax or accounting requirements, in particular where it forms part of an audit trail created to record your use of our software products.
For the device data we will retain your personal data for as long as is reasonably necessary for the purposes listed in this notice, and in line with our cookie settings for example.
In specific circumstances we may also retain your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a possibility of legal action relating to your personal data or dealings.
CCPA Privacy Notice Jan 2020
Notice to California Residents under CCPA Regulation:
What are your rights?
You have a number of rights in relation to your personal data which should be exercised by contacting the User or 'controller' of this data. As a service provider Ebix may only be a ‘custodian’ of the data holding it on behalf of the ‘controller’. You have the right to request the ‘controller’ provide access to various details about data usage. This may include data access, data history, data retention requests for the erasure of data no longer required, requests to restrict access on the processing or usage of your data,
Contact and complaints
You can contact us with any queries or concerns at the following email address Privacy@ebix.com
If you have a complaint or concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. In the US, the supervisory authority for data protect ion is the I COOAG (https://oag.ca.gov/privacy/ccpa). We do ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
Further information on CCPA regulation can be found at https://oag.ca.gov/privacy/ccpa
Notice to EU Residents under GDPR Regulation:
What are your rights?
You have a number of rights in relation to your personal data which should be exercised by contacting Ebix Inc. who is the 'controller' of this data. In summary, you may request us to ensure you can access your data, request the rectification of any mistakes relating to your data, request the erasure of records which are no longer required, request the restriction on the processing of your data, object to the processing of your data, or request to exercise your right of data portability.
Contact and Complaints
You can contact us with any queries or concerns at the following email address GDPR.Ebix@ebix.com If you have a complaint or concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with your national data protection supervisory authority at any time. In the UK, the supervisory authority for data protection is the ICO (https://ico.org.uk/). We do ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.