This Privacy Policy outlines how we collect, use and share personal data of people who use or are connected to our services, are interested in Xem.Link or its services, or to whom we wish to market our services. This Privacy Policy also provides you with information on your rights as a data subject and how to reach us if you have any questions.
This Privacy Policy does not apply to the practices of other businesses that Xem.Link does not own or control, including other companies’ websites, services and applications (“Third Party Services”) that you can access through the Services or to individuals that Xem.Link does not manage or employ. We encourage you to review the privacy policies of any Third Party Services you access or use. Please note that we cannot take responsibility for the content or privacy policies of Third Party Services, and any third party policies linked to this Privacy Policy are strictly for informational purposes only.
Please note that our privacy practices are subject to the applicable laws of the regions in which we operate. Accordingly, some additional region-specific terms will only apply to individuals in those locations, or as required by applicable laws. If you are a United States resident of California, Virginia, Colorado, Connecticut or certain other U.S. states, please see the sections titled California Privacy Rights, and Virginia/Colorado/Connecticut and certain other U.S. State Privacy Rights for specific disclosures with respect to our collection, use, and disclosure of your information and additional rights you have under applicable U.S. laws.
ACCESS XEM.LINK: IF YOU ARE HAVING ANY TROUBLE ACCESSING THIS PRIVACY POLICY, PLEASE CONTACT US AT privacy@xem.link .
This Privacy Policy describes the policies and procedures of Xem.Link Jsc., 54b ngach 2 ngo 83 Nguyen Khang, Cau Giay, Ha Noi, Viet Nam, for the collection, use, and disclosure of personal data about you for which either of us act as the data controller, or for which we act as joint controllers, in accordance with the European Data Protection Regulation (“GDPR”) and other applicable laws.
If you have any questions or concerns regarding privacy when using the Services of Xem.Link wish to use your rights, such as to object to the processing or have your personal data removed, please send us a detailed message to: privacy@xem.link . We will make every effort to resolve your concerns. Please also see “Rights of Data Subjects” for more detailed information on your rights as the data subject.
Xem.Link Jsc Services
Xem.Link collects personal data about you from the following sources, as described in this Privacy Policy, when you (i) register for the Site and the Services, through your user account with Xem.Link, including registering through a third-party service (your “Account”); (ii) use the Services; or (iii) view or interact with a Xem.link link, QR Code, Bio Page or other Xem.Link Product (either our Xem.Link links or one of our branded domains) on a third-party website. We collect the following types of information from you, some of which might be considered personal data under applicable law:
When You Register for a Xem.Link Account
When you create an Account, we collect the personal data from you, such as your name, phone number, company name, industry, job title, company size, email address, phone number and sign-in information. If you create an Account using your login information from a third-party account, such as Google, Facebook, Apple, or Twitter, we will access and collect the personal data about you that the third-party account provides (which is based on your privacy settings with the third-party account), so that you can log into your Account with us. We use your contact information to send you information about our Services and communicate with you about your Account, your activities on our Site and Services and policy changes. You may unsubscribe from receiving certain types of these messages through your Account settings, although Xem.Link reserves the right to contact you when we believe it is necessary, such as for administrative and account management purposes.
We may receive a confirmation when you open an email from us. We use this confirmation to improve our customer service.
You have the opportunity to add sub-users to your Account. If you create a sub-user, the following personal data of the sub-user will be processed: Name, email address, IP address of the user’s device, date and time of sub-user creation, login information, employer, phone number.
Some features of the Services allow registered users to provide their own content to the Services, such as written descriptions of URLs, comments, images and video. Unless you request deletion of your personal data as described in this Privacy Policy, all content submitted by you to the Services may be retained by Xem.Link, even after you terminate your Account and may continue to be shared by third parties, as described in this Privacy Policy.
When You Create a Xem.Link Link, QR code or Bio Page (collectively “Xem.Link Products”)
One feature of the Services is the ability to create shortened uniform resource locators (URLs) of websites, QR codes linking to a URL, or a Bio Page linking to a URL (“Xem.Link Products”). When you create a shortened link, QR code, Bio Page or other Xem.Link product, Xem.Link collects and stores both the original URL and any shortened URL and, if you are logged in to your Account, we will associate that information with your Account. Xem.Link also collects and stores your IP address, your geolocation data (which we derive from your IP address), the time and date on which you shortened the original URL and/or created the Xem.Link Product, and if you share a Xem.Link Product on a social networking platform, the name of the platform and your username on that platform.
When You Interact With a Xem.Link Product
Xem.Link automatically collects personal data about the interaction (such as clicks or views) with every Xem.Link Product created through the Services (either our Xem.link links or one of our branded domains) on a third-party website. This information includes, but is not limited to: (i) the IP address and location derived from the IP address; (ii) internet or other electronic network activity information like the referring websites or services; (iii) the time and date of each access; (iv) device settings, such as browser type, operating system, and language; and (v) cookies, as described in our cookie policy, and mobile advertising identifiers. As described in this Privacy Policy, we use this personal data to provide the Services, to understand and analyze how our Services are used and to identify trends, and to detect, deter and prevent malicious, fraudulent or unlawful activity. Please see the “Information We Share” section below for a description of how we may share information we collect when you create, view or interact with Xem.Link Products.
Usage Across Devices
We use the information we collect to make inferences that a unique individual has created or interacted with Xem.Link links, QR codes or Bio Page on different devices so that we can detect, deter and prevent malicious, fraudulent or unlawful activity and analyze how users use our Services. For example, if you created a Xem.Link Product on a computer connected to your residential WiFi network, and you soon thereafter clicked on a Xem.Link Product on a mobile device connected to the same WiFi network, we may infer that a single individual created and clicked on the Xem.Link Product because both events were associated with the same IP address in the same time period.
Other Uses
We also may use personal data to pursue legitimate interests, such as direct marketing, research (including marketing research), network and information security, prevention of fraudulent, malicious and unlawful activities, or any other purpose, as disclosed to you at the time you provide personal data or we contact you for the first time.
Information We Share
The Services are designed to help you share information with others. The following categories of personal data generated through your use of the Services are shared publicly, within Xem.Link and with the following categories of third parties for the business purposes described below.
Xem.Link Jsc Companies – Personal data related to your Account and possible subscriptions for Services of Xem.Link will be shared within Xem.Link to be used for our joint purposes as described under “Data Sharing and Joint Processing within Xem.Link”. Please note that if you hold a Xem.Link Account(s) and/or use Xem.Link Services managed by us or other Xem.Link entities, such personal data is combined with personal data collected in connection with Xem.Link Services. Sharing and combining the personal data is based on Xem.Link legitimate interests in finding synergies generated from performing, planning, and developing business in group level, and in promoting sales by cross and up-selling complementary products of group companies.
Xem.Link Products You Create – Much of your activity on and through the Services is public by default. For example, when you create a Xem.Link Product, the original URLs you have shortened and the corresponding Xem.Link Product are publicly available, including the possibly included personal data.
Account Information – Where permitted by law, if you register a Xem.Link Account with an email address on a domain owned by an organization, (for example, an employer or educational institution where you have an email account), we may share your email address and information about your Account, such as the number of links you have created, with that organization to explore the organization’s interest in creating or managing an enterprise account or for related purposes.
Customer Support – We use various tools for communication and to provide you with customer support. To use customer support, you must provide at least one valid email address. This data processing can include the following data: Name, email address, contract information, job title, employer, customer ID, payment information, communication data. Data is processed to provide the services, offer customer support, communication with interested persons, responding to inquiries and customer relationship management. If the purpose of the contact is to conclude a contract or if you already have an account then we retain your information as needed to verify and provide you access to the services. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected, to the extent further storage is not permitted or required by law. Personal data collection in connection with customer support will be shared within Xem.Link to be used for our joint purposes as described under “Data Sharing and Joint Processing within Xem.Link.“
Email Verification – We use an email verification service. The email address of a user is processed for the purpose of verification and to filter invalid and spam email addresses/domains. All email addresses which are provided to the verification service by us are automatically deleted after the verification process.
Email Marketing – For some services, we use email marketing providers to send transactional emails. When you register for our services, the data you enter during registration is transferred to our email marketing provider. This enables us to send you relevant emails, e.g. to confirm your registration or unsubscribe from our services. Further personal data may be stored and evaluated as a result, especially the user’s activity (in particular which pages have been visited and which elements have been clicked on) and device and browser information (in particular the IP address and operating system). For this purpose, your data will also be stored by our email marketing provider. Your data will not be passed on to third parties for the purpose of sending mails within the scope of using our services, nor will the vendor obtain the right to pass on your data.
Information You Elect to Share – When creating a Xem.Link Product, you can share that Xem.Link Product through Third Party Services. Any information that you elect to distribute through Third Party Services, such as a social network post you create, may then become accessible to users of those services. You can also access other Third Party Services through the Services, for example by clicking on links in the Statistics page for a Xem.Link Product. We recommend that you review the terms of services and privacy policies of such Third Party Services that you access through the Services since Xem.Link does not control and is not responsible for the privacy practices of these Third Party Services.
Information Shared with Service Providers – We may employ and contract with third parties to perform certain tasks on our behalf and under our direction (our “Service Providers”). We may need to share information about you with our Service Providers in order to fulfill certain business purposes, like providing our product with research and analytics on user behavior and providing advertising products and services to users, processing payments, and providing email marketing and support services. Our agreements with these Service Providers authorize them to use your information only as necessary to provide services to us. Transfers to subsequent third parties are covered by our agreements with our service providers.
Payment Processing – For the transmission and verification of purchases, the data processed include bank account details, billing/shipping address, card expiration date, customer name, CVC code, date/time/amount of transaction, device ID, email address, IP address/location, customer ID, payment card details, tax ID/status, unique customer identifier. We share your data in these cases to allow the payment processing services necessary to process the payments for your account.
Service Optimization – We use a variety of third party vendors in order to optimize our service. Vendors are used to evaluate the flow of visitors to our online offerings and may include behavior, interests or demographic information about visitors as pseudonymous values. With the help of these analyses, we can recognize, for example, which online offer, content or functions of our products are most frequently used or invite re-use. Likewise, we can understand which areas need optimization. Software may be used for analyzing and optimizing online offerings based on feedback functions and pseudonymously performed measurements and analyses of user behavior. In addition to web analytics, we may also use testing procedures, for example, to test and optimize different versions of our online offering or its components.
This processing may include IP address, random unique identifiers, experiment and event data associated with these identifiers (such as device type, variation and experiment IDs, browser and OS version and elements of the site being tested), device screen resolution, device type (unique device identifiers), operating system, browser type, geographic location (country only), preferred language, mouse events (movements, location and clicks), referring URL and domain, pages visited, date and time when website pages were accessed. The legal basis for the processing of personal data is the user’s given consent. In certain cases, your data will be processed on the basis of our legitimate interests of providing efficient, economical and recipient-friendly services and the improvement of our service.
Single Sign On – For some services, we allow users to elect to use single sign on services such as Google OAuth. Single Sign on Services allow users to log in to other online presences with their profile without having to create separate accounts.
Tax and Legal – Your personal data may be transferred to third parties for tax and legal reasons. Possible recipients are professionals (e.g. lawyers, tax consultants and auditors). In addition, data may be transferred to authorities (e.g. tax authorities) for tax and legal reasons. Such data transfer only takes place to recipients who are legally bound to secrecy.
The data may include the email address, IP address of the user’s device, date and time of registration, login information, address, contract information, payment information.
We have a legitimate interest in sharing personal data with professional consultants and auditors for the purpose of appropriate tax and legal consultation, and in some cases we are legally required to share this data.
Trust & Safety Compliance – We may share certain Xem.Link links, QR Codes, Bio Page and/or related URLs, and the data collected when you create or interact with a Xem.Link Product to help detect, deter and prevent malicious, fraudulent or unlawful activity.
With Your Consent – We will share information about you when you direct or otherwise instruct us to do so, such as when you share QR Codes or content with others through the Services, if you intentionally use or direct us or the Services to interact with third parties, or if we notify you that the information you provide will be shared in a particular manner and you provide such information (like sharing/posting it with a third-party Service).
The legal basis for processing of customer data for the Services and related communications is that the processing is necessary for performance of the requested service and management of the customer relationship subject to Xem.Link Terms of Service. The legal basis for other communications with the customer, such as marketing, is our legitimate interests to promote sales and increase awareness of Xem.Link Services, and communicate with our interest groups. Where such communications require consent, for example if we wish to market via email our Services to a new customer who is a natural person in the EU, the legal basis is your consent. The legal basis for improving, monitoring and analyzing the Services, and to prevent malicious, fraudulent or unlawful activity is our legitimate interests to ensure security and lawfulness of our Services, including protecting data of our customers and users, and preventing unauthorized or wrongful use.
This personal data is used to authenticate users to allow access to Xem.Link Services, to identify users to provide customer support, and store events and log information about your use of the Services for purposes of audit in case of a security or other incident to have a trail of actions performed by us and our users, to maintain support records, to promote sales and increase awareness of Xem.Link Services, and for purposes of service and product improvement, and to prevent malicious fraudulent or unlawful activity. The data is removed upon request, except for data (such as user name) stored in application logs and audit trails, which are deleted according to our standard data management cycle. We retain the personal data we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable legal obligations. Aggregated data sets that do not contain personal data are stored for an indefinite period for the purpose of business analysis. The personal data is erased from or anonymized in our systems upon request of the data subject or the customer they represent, or if the data is detected as irrelevant in our automated or manual system maintenance, or after 3 years following the last contact with the data subject, whichever occurs first.