Xima General Privacy Policy

Last Updated November 14th, 2019

XIMA, LLC, a Utah limited liability company (“Xima”) has created this Privacy Shield Privacy Policy (“Privacy Shield Privacy Policy”) to help you learn about how we handle Personal Information collected in the European Economic Area (“EEA”) and transferred to Xima in the United States.

Xima commits to adhere to the EU-US Privacy Shield Framework by adopting and implementing the EU-US Privacy Shield Principles (“Principles”).  Our certification can be found at www.privacyshield.gov/list

This Privacy Shield Privacy Policy supplements Xima’s General Privacy Policy.  In the event of any conflict between our Privacy Policy and this Privacy Shield Privacy Policy, this Privacy Shield Privacy Policy shall control.   In the event of any conflict between this Privacy Shield Privacy Policy and the Principles, the Principles shall control.  


How We Obtain Personal Information

As a data controller, we collect and process EEA Personal Information directly from individuals, either through our publicly available website, www.ximasoftware.com, or in connection with our relationships with our partners, customers, resellers and vendors.

As a data processor, we process and store EEA Personal Information obtained from our customers when providing our customers software and related technical and customer support services (Xima’s software and all related services may be referred to hereinafter collectively as the “Services”).  In this context, we process Personal Information on behalf of and at the instructions of our customers, which are the data controllers.

Xima commits to subjecting to the Principles all Personal Information received form the EEA in reliance on the Privacy Shield (which includes both types of activities)


We provide information in our General Privacy Policy regarding Xima’s privacy practices.   When using our Services, customers determine the data and information they upload into our systems and software.  Accordingly, customers are responsible for providing notice to the individuals from whom they have collected Personal Information. 
Processing of Personal Information
Xima may use any Personal Information we obtain for the purposes indicated in our General Privacy Policy or as otherwise notified to you.  We will not process Personal Data in a way that is inconsistent with these purposes or as otherwise authorized by you.  We take reasonable steps to limit the collection and usage of Personal Information to that which is relevant for the intended purposes for which it was collected, and to ensure that such Personal Information is complete, reliable, current and accurate.  We will adhere to the Principles for as long as we retain the Personal Information collected under the Privacy Shield.  When we process Personal Information in the context of our Services, we process and retain Personal Information only to the extent necessary to provide our Services, or as required or permitted under applicable law. 

Disclosure of Personal Information
We work with other companies that provide services or help support our business.  These companies may have access to your Personal Information, including (i) with our partners and affiliated companies, as reasonably necessary to provide or support our Services; (ii) with our resellers and other sales partners for the purpose of assisting you with ordering and/or implementing the Services; and (iii) when we hire companies to help us market our website and Services to provide you with information and offers related to Xima. 

Xima may also share your Personal Information (i) when we are required to provide information in response to a subpoena, court order, applicable law, government statute, regulation or other legal process; (ii) when we have a sincere belief that the disclosure is necessary in our legitimate interests to prevent or respond to fraud, defend our website or Services against attacks, protect the property or security of Xima or the property and security of our customers; (iii) as necessary to meet lawful requests by public authorities, including to meet national security or law enforcement requirements; (iv) if we merge with or are acquired by another company; (v) when we aggregate and share de-identified information collected by our Services in order to provide statistical information or market research to third parties; or (vi) when you consent to the sharing

If we disclose it to a third party acting as a data controller or as an agent, we will comply with, and protect the Personal Information as stated in the Accountability for Onward Transfer Principle.  If the case of disclosure to an agent, we remain responsible for the processing of Personal Information received under the Privacy Shield and subsequently transferred to that agent if it processes such Personal Information in a manner inconsistent with the Principles, unless we establish that we are not responsible for the event giving rise to the inconsistent processing.  When we process Personal Information in the context of our Services, we disclose Personal Information as necessary to provide the services and as authorized in our agreements with customers. 


Data Security
We have instituted appropriate and reasonable measures to protect your Personal Information from loss, misuse and unauthorized access, destruction, alteration and/or disclosure, taking into account the inherent risks involved in the processing and the nature of the Personal Information.

Access to Personal Information
As appropriate, Xima provides you with access to the Personal Information that we maintain about you and the ability to correct, amend or delete that information when it is incorrect or has been processed in violation of the Principles by sending a written request as indicated in the contact information provided below.  We will review all requests in accordance with the Principles, and may limit or deny access to Personal Information where providing such access is unreasonably burdensome or expensive given the circumstances, or as otherwise permitted by the Principles.  To the extent that we use your Personal Information for a purpose that is substantially different from the purposes listed in this policy or if we intend to disclose it to a third party acting as a controller not previously identified, we will offer you the opportunity to opt-out of such uses and disclosures where is involved non-sensitive information or opt-in where sensitive information is involved.    

When we process Personal Information in the context of our Services, we only process and disclose the data as necessary to provide the Services.  If you wish to request access, to limit use, or to limit disclosure of Personal Information uploaded to the Services by one of Xima’s customers, please contact the customer who submitted your data to our Services.  If you provide us with the name of our customer that is processing your Personal Information, we will refer your request to that customer and will support the customer as needed in responding to your request.


If you have any questions or concerns regarding Xima’s Personal Information practices or compliance with the Principles, we encourage you to write to us as indicated below.  We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles.  If an issue cannot be resolved, individuals may contact or submit a complaint, at no cost, to the JAMS EU-US Privacy Shield Program, which is based in the United States.  We will cooperate with JAMS pursuant to the JAMS International Mediation Rules, which are accessible on the JAMS website at https://www.jamsadr.com/eu-us-privacy-shield.  For residual complaints not fully or partially resolved by other means, individuals may be able to invoke binding arbitration as detailed in the Principles. The Federal Trade Commission has jurisdiction over compliance with the Privacy Shield.
Revisions to this Privacy Policy
Xima reserves the right to revise this Privacy Shield Privacy Policy from time to time, consistent with the requirements of the Privacy Shield.   Any changes to this Privacy Shield Privacy Policy will become effective when we post the revised version on our website.   

Contact Information
If you have any questions, concerns or complaints regarding Xima’s privacy practices or this Privacy Shield Privacy Policy, please contact us at:

Xima, LLC
Attn: Jeff Jorgensen
10610 S. Jordan Gateway, Suite 300
South Jordan, Utah 84095
(p): 888-944-9462
(e): jjorgensen@ximasoftware.com