Excelsoft (referred to herein as “we” or “us” or “Excelsoft”) is a Business-to-Business (B2B) company. Our digital learning and assessment products /services are being used worldwide by acclaimed educational publishers, universities/schools, licensing/awarding bodies, as well as government, defense, and corporate sectors. Excelsoft respects the privacy of its customers and their end-users and is committed to protecting confidential data. Excelsoft has been certified with ISO 27001 certification and has in place policies and processes for Information Security in line with ISO 27001. “Surveillance Audit” is performed by an authorized external auditor every year.
Being a B2B company, we are entrusted with the data of our customers and their users. We employ up-to-date best in class data protection technologies and comply with standard data protection policies to reduce the risk of unauthorized access to our customers and their users’ data. We do not share data across our customers for any reason.
All employees in Excelsoft are bound by confidentiality, non-disclosure, and IP protection clauses within their employee Agreement, which is as stringent or more stringent than similar non-disclosure protections we enter contractually with our customers. Role and access control policies define access to all the servers and applications, and any employee will have only such access as are essential to perform the duties required as outlined in the contract with every customer. Only authorized employees with a reasonable need related to their job duties will have access to customer and end-user information as defined in the contract with each customer (For example, to investigate a production incident).
Excelsoft regularly conducts a privacy awareness training program for all its employees to reinforce the importance of data protection and security. Employees who violate our policies are subject to disciplinary action, up to and including termination.
We maintain contractual data security, confidentiality, and privacy obligations with our partners and vendors necessary for the performance of any contract we enter into with them or you. Our data security agreements with our business partner/vendors are as stringent or more stringent than the similar agreements we enter contractually with our customers.
The use of data we collect depends on your relationship or purpose of your online interactions with us. Please refer to the below subsections to learn more.
We will collect and store limited personal information about the relevant contacts at our customer companies for invoicing, notification of product updates and maintenance, and similar purposes. Such information is shared only with the authorized Excelsoft employees with a reasonable need to perform some of the jobs mentioned above (ex: invoicing, project management, deploying product updates, etc.).
Product/services licensed by the customer will be deployed on machine instances owned either by the customer or by Excelsoft on-premise or on cloud services as per customer requirements. Where permitted by our customer, an in-house security team performs Vulnerability Analysis/Penetration Testing and certifies each customer’s release or deployment. Excelsoft also engages external auditors to have its applications tested from a security perspective, and implement any recommendations.
Any data, including question items, or learning content, special algorithms, etc., provided explicitly by a customer are considered customer’s IP and are not used or shared with any other customers. Excelsoft generally maintains specific non-disclosure agreements/clauses related to these in the Agreement with customers.
Customers can request to have an exclusive instance of the content repository and application servers (where no other customer’s data is stored), or may use shared machine or application instances (based on contract). In either situation, Excelsoft will have access provided to employees only on a need-to-know basis. No customer can view or access any other customer’s data.
Role and access control policies define access to all servers and applications, and any employee will have only such access as are essential to perform the duties required as outlined in the contract with that customer. For example, unless agreed with the customer, Excelsoft employees will not have continuous access to production servers if the customer manages servers on their own. On a need-to basis and for specific tasks and roles required, Excelsoft will seek and get credentials needed to perform the function post which these credentials are disabled. Where Excelsoft manages the application, hosting, and all server access, the access is limited to very few employees who are trained to perform specific tasks. For example, the DB administrator will have only DB server access and not App server access. Also, the DB administrator will not have the key for reading encrypted content. All accesses are on a need basis only.
We may disclose customer information, as requested or authorized by a customer or as required by an applicable governmental agency or authority, for administrative, audit, evaluation, or other purposes.
Excelsoft may use and disclose customer information to law enforcement and other regulatory officials to investigate and address suspected illegal conduct prohibited under the law of the corresponding jurisdiction.
Our customers decide how we should use their end-user information. We provide most of our products/services to end-users of our customer as a so-called ‘data processor’ on behalf of our customer. Therefore, the primary responsibility for data privacy compliance lies with the customer as a ‘data controller.’ It also means that the customer’s privacy statement governs the use of their end-user information (instead of our privacy statement). Our customer determines what end-user information we collect through our products and services, and we process collected data according to customer’s instructions and as per the terms of our contracts with the customer. We use the end-user information in accordance with our agreement with the customer to operate, maintain, and provide the features and functionality of the products and services. We also use the end-user information to perform analytics functionalities as directed by the customer.
End-user information (as authorized and limited by end-user) can be collected directly from the end-user using the forms/interfaces of our products/services. It can also be collected indirectly through authorized data sources supplied securely by the customer, and received and processed securely by our products/services.
Application and system logs are critical to ensuring the delivery, availability and security of our products/services. Excelsoft automatically collects log data related to end-user interaction with our products/services. This data may include browser type, type of computer/device and technical information about the end-user means of connection to the products/services, such as operating system, internet service provider, and IP address. This data is collected and used for support purposes and to monitor the health of the products/services, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale the computing resources for the product/services. Data for application/system logs are collected using automated technologies or during end-user interaction with the products/services.
We may use and disclose end-user information, as requested or authorized by an Institution or by an applicable governmental educational agency or authority, for administrative, audit and evaluation purposes.
Excelsoft may use and disclose end-user information to the law enforcement and other regulatory officials to investigate and address suspected illegal conduct prohibited under the law of the corresponding jurisdiction.
Excelsoft uses the following methods to collect Identity/Contact data from a website/social-media visitor: direct interactions and indirect/automated technologies or interactions.
Direct Interactions: We collect your Identity or Contact Data by using forms or surveys on our website or social media posts.
Indirect/Automated Technologies or Interactions: As you interact with our website and social media pages, we automatically collect information about the pages you visit and how you access and use our websites using cookies and third-party analytics tools. Data collected can be used for analytics such as to collect visitor information, such as browser types, operating systems, device types, referring pages, pages visited, and time spent on a particular site. Depending on your device settings, we may also collect information about your geographical location.
Given below are some of the primary reasons for collecting the information from our websites and social media pages:
To protect information from unauthorized access, use, and disclosure, Excelsoft maintains a comprehensive information security program and employs reasonable and appropriate physical, administrative, and technical safeguards. Excelsoft performs periodic risk assessments of its information security program and prioritizes remediation of identified security vulnerabilities.
Some of our protection and security best practices include, but not limited to:
Excelsoft is committed to delivering its products/services by complying with all data protection laws as required by the corresponding jurisdiction (GDPR, CCPA, FERPA, COPPA, etc.). Excelsoft has been certified with ISO 27001 certification and has in place policies and processes for Information Security in line with ISO 27001. “Surveillance Audit” is performed by an authorized external auditor every year. Excelsoft successfully cleared its last “Surveillance Audit” and is certified by an external auditor.
The use of our products/services by a minor (end-user) of our customer is subject to the consent provided by the customer (For example, schools/institutions/organizations). We advise the schools/institutions/organization (customer) who permit their children to use our products/services that it is essential that they communicate with their children about their safety online. Minors who are using the platform should be made aware of the potential risks to them and of their obligation to comply with our products/services terms. However, Excelsoft will comply with all applicable provisions of required child protection acts as required by the corresponding jurisdiction. Excelsoft will abide by the definition of the minor as defined by the corresponding jurisdiction.
Excelsoft will NOT transfer any personally identifiable information outside the jurisdiction of where your data is agreed to be stored as part of the agreement. Data that is not personally identifiable may be transferred to and stored at a location outside your country/continent of residence for purposes of providing services to our Customer (For example, to perform load tests or other services, or where a customer has end users in multiple countries and the data can only be stored in one location). It may also be processed by staff operating outside your country of residence to perform, among other things, the provision of support services. By using the products or services of Excelsoft, you agree to this transfer, storing or processing. Specific contracts may include further restrictions on other data movement. We will take all reasonable steps necessary to ensure that your data is treated securely and in accordance with this privacy notice.
All information you provide to us is stored on our secure servers or those of our service providers. Where we have given you (or where you have chosen) a password/access code, which enable you to access certain parts of our products/services, you are responsible for keeping this password/code confidential. We ask you not to share your password with anyone.
We will only retain your information for as long as necessary to fulfill the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements Cookies.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience.
Our products/services/websites sets cookies which remain on your computer or device for differing times. Some expire at the end of each session, and some stay for longer so that when you return to our products/services, you will have a better user experience.
We may use any or all of the following cookies:
Strictly necessary cookies. These are cookies that are required for the operation of our Platform. They include, for example, cookies that enable you to log into secure areas of our website and navigate between pages.
Analytical/performance cookies. They allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it, links clicked, etc. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies. These are used to recognize you when you return to our website. This enables us to personalize our content for you and remember your preferences (for example, your choice of language or region).
Excelsoft will not use end-user information for any marketing purposes and will not knowingly direct or send marketing communications to and-user. We conduct marketing to promote our products and services. This marketing is generally aimed at the staff of our current and potential customers and partners. When we hold or sponsor events and webinars, we will collect information about attendees, such as the session they attend and their contact details, to provide them with relevant product information and other Excelsoft related information. We may use vendors to help us organize and conduct campaigns, events, and other aspects of marketing. We will share with them only the necessary information and ensure that they are following our strict requirements for vendors. For example, we will receive information from some third parties about how well an online marketing or email campaign performed.