At Dexibit, we take privacy seriously. We facilitate presentations, workshops and webinars on best practices for managing visitor privacy in the attractions industry, provide additional resources such as whitepapers and advisory tips to to help our customers understand more about visitor privacy and pursue a strategy which avoids using personal data for analytics purposes, where possible.
However, as a customer, investor or #musedata fan, you may share your personal data with us, or in visiting a venue powered by Dexibit, data on your visit may be shared with us by the venue.
This privacy policy provides information on how we treat this information.
If you need to clarify any aspect of our privacy policy, make a complaint or request to be forgotten, you can contact our Privacy Officer at privacy@dexibit.com.
This policy was last updated 28th January 2020 and may change from time to time; any amendments will apply from the date published here.
General Data Protection Regulation (GDPR)
Dexibit is a Data Controller of data it collects via its website, newsletter, customer management or software use and a Data Processor of data it receives from client venues. As a Data Controller, our legal basis for collecting data is dependent on your consent to the processing of your personal data for the specific purposes identified in this policy, for the performance of a contract to which you are a party or in order to take steps at your request prior to entering a contract or as necessary for pursuing a legitimate interest as outlined in this policy. Under the GDPR, European Union citizens have the right to be informed, to access, to rectification, to be forgotten, to restrict processing, to portability, to procession and not to be subject to automated decision making.
Privacy Shield
Dexibit Limited and its subsidiaries Dexibit Inc and Dexibit UK Limited (together, “Dexibit”) complies with the EU – U.S. Privacy Shield Framework and Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union and Switzerland to the United States. Dexibit has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, visit https://privacyshield.gov. Under the Privacy Shield Principles, individuals have the right to opt out of disclosures of their personal information to third parties; or uses of their personal information. In compliance with the Privacy Shield Principles, Dexibit commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Dexibit at privacy@dexibit.com. Dexibit has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please see https://www.jamsadr.com/ for more information or to file a complaint. The services of JAMS are provided at no cost to you. In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, Dexibit is potentially liable.
Mobile Location Analytics Code of Conduct
Dexibit aligns with the Mobile Location Analytics Code of Conduct. We make a public commitment to maintain depersonalized data, to not to try to reidentify data and to prohibit downstream recipients from trying to use data to identify a particular individual. For more information about location analytics or to log a request with the industry’s Central Opt Out facility, see smart-places.org.
Engaging with a venue powered by Dexibit
Dexibit provides big data analytics to visitor attractions, to help them make data informed decisions which power our cultural future. To do so, we integrate with systems or otherwise receive a variety of data such as footfall counters, WiFi presence, ticketed admission, membership management, point of sale, email marketing, social media, website traffic, tourism, events, weather and more. We store a copy of this data in our system and process it to predict and analyze visitor behaviour. The client venue retains ownership over this data and may extract it from Dexibit.
If you physically visit one of these client venues or otherwise engage with it via a digital channel (such as visiting a website, downloading an app or interacting over social media), data about your visit may be shared with us. Where the source systems of this data hold personally identifiable information such as your name or email address (for example, if you submitted this information to join a membership program), we redact this data so that personally identifiable information is not stored on our systems, to respect your privacy. Other data we consider to be delicate but not identifiable is often hashed, to further protect your privacy. Where we integrate with location positioning technologies (such as WiFi) we treat this data only as aggregate traffic, pursue suitable safeguards via our security standards, do not identify this data to an individual’s behavior and do not allow reverse look up.
We retain data we receive for the length of our commitment to our customer and may share benchmark industry insights taken from aggregate data. We will not otherwise share data with third parties, however if we are required by law or believe it necessary to protect our rights, we may disclose your information to a legal process or proceeding.
We recommend to these venues that they:
- Comply with all privacy regulations applicable to their organization and consider a higher ethical standard
- Provide you with an easy to understand, accessible and up to date privacy policy that covers both your digital experience and your physical visit to the venue
- Indicate to you if the WiFi network is used for analytics purposes (including signage in the venue and notes in the WiFi access policy)
- Encourage the appointment of a privacy officer, conduct privacy audits and improvements and review privacy processes such as forget requests
- Consider providing a means for you to visit the attraction anonymously and only ask you for information they need and use it for only stated intentions
If you wish to remain anonymous during your visit, you can also select not to share your data with the venue, turn off your device’s WiFi and Bluetooth, set your web browsing to private and not download any apps provided by the venue.
You may choose to share your information with the venue, who should let you know what it will use that information for and seek your consent before using this information. If any of your personally identifiable information is collected during your visit, your express permission should be sought. Their handling of your personal information is subject to the venue’s own terms and privacy policy. Where your digital visit involves a third party solution, such as an app or social media, their handling of your personal information may be subject to the third party’s terms and privacy policies too.
Any questions about your privacy at an attraction you have visited should be directed to that organization in the first instance.
Browsing our website
When you visit our website we record anonymous information about your visit to better the information we provide. We use cookies (data stored on your device to collect website usage data), however these are not required to view our website and you can adjust your browser to decline. When you request a resource, register for a free trial or make an enquiry, we will collect and store personal information such as your name, organization and contact details. We will use this information to provide you with the information you have requested and follow up with you on your experience.
Subscribing to our newsletters
When you subscribe to our newsletter we record your name, email address and interests to provide regular updates. You can update your information or unsubscribe at any time. If you are a shareholder, we are contractually and legally required to provide you with regular updates. We will not share your data with third parties, however if we are required by law or believe it necessary to protect our rights, we may disclose your information to a legal process or proceeding.
Using Dexibit’s software
When your organization purchases a subscription to Dexibit as a client venue, we record personal information to aid communication, provide the services and complete billing.
In becoming a user we record your name, email address, venue and role. You will receive an email notification to confirm your subscription and be able to access your data to update it. You can elect to provide additional information such as a profile picture and your preferences. We use this information to provide you with access to Dexibit and to personalize the content we show you. If you no longer wish to be a user of Dexibit, your account administrator can remove your access.
When you login to Dexibit or otherwise use our software we record identifiable information about your usage to better the software we provide, as a function of data audit controls which provide a history of what data has been added, edited, viewed or deleted and to provide support. We may use cookies (data stored on your device to collect website usage data) and login information to understand how you use Dexibit, personalize the content we show you and remember your preferences. We will also use your data to provide secure authentication.
Your Dexibit settings let you decide whether you wish to receive additional notifications, such as automated reports via email. Your colleagues may also send you notifications via Dexibit. Your account administrator will be able to see your information, edit it on your behalf or adjust your access. Our system administrators will also be able to see your information, edit it on your behalf or adjust your access in order to provide you with our services.
We will not share your data with third parties, however if we are required by law or believe it necessary to protect our rights, we may disclose your information to a legal process or proceeding.
Integrating third party systems to your Dexibit account
We receive information about you when you or your administrator integrate third-party apps, like Google, or link a third party service withDexibit. You or your administrator may integrate Dexibit with other services you use, such as to allow you to access, store and share certain content through Dexibit. For example, you may authorize Dexibit to access, display and store customer reviews about your business from a third party service such a Google My Business. The information we receive when you link or integrate our Services with a third party service depends on the settings, permissions and privacy policy controlled by that third party service. You should always check the privacy settings and notices in these third party services to understand what data may be disclosed to us or shared with Dexibit.”
Dexibit and the cloud
Because our website and software are managed on the cloud, data is transmitted across the Internet and stored in our servers hosted with Amazon Web Service (AWS) in the United States or processed by our partners such as Google Analytics who access data on our behalf to provide us with services bound by confidentiality and security commercial requirements. As we are a global business, we may need to send your information to our teams in various countries to provide our services, including engineering in New Zealand and customer service in the United States. We have taken steps to protect your information, however the security of information on the Internet cannot be guaranteed and if you are not satisfied with this risk, you should not share your information with us.
Your rights and responsibilities
By emailing privacy@dexibit.com, you can always contact us to:
- Access your own personally identifiable information
- Make amendments to your own personally identifiable information
- Ask us to remove your own personally identifiable information
You can always choose not to use Dexibit or not to share your personal information. You can also file a query if you need to clarify any aspect of our privacy policy or make a complaint if you are unhappy about the way we have treated your own personally identifiable information. Our complaint procedure involves acknowledging our receipt of your complaint within 45 days, providing an escalation process to attempt resolution and facilitating an Alternate Dispute Resolution (ADR) at no cost to you where applicable under our obligations, with a binding arbitration mechanism made available as a last resort.
Dexibit is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
What you need to do:
- Make sure to keep your Dexibit login credentials safe and notify us as soon as you are aware your security may be at risk
- Be responsible for keeping your information up to date
- If you ever need to share information with us on another person (such as adding new users), you need to ensure you have their consent
If Dexibit is involved a merger, acquisition or asset sale, your data may be transferred as part of that transaction and this policy will apply to your data under the new entity.