ShareFile Safe Harbor Privacy Policy

Effective Date: 01/24/2012

Citrix ShareFile respects your concerns about privacy. ShareFile has certified that it abides by the Safe Harbor privacy principles as set forth by the U.S. Department of Commerce regarding the collection, storage, use, transfer and other processing of Consumer Personal Data transferred from the European Economic Area (“EEA”) or Switzerland to the United States. This Policy outlines our general policy and practices for implementing the Safe Harbor privacy principles for covered Personal Data.

ShareFile complies with the U.S. – E.U. Safe Harbor framework and the U.S. – Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data from European Union member countries and Switzerland. ShareFile has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access and enforcement. To learn more about the Safe Harbor program and to view ShareFile’s certification, please visit http://www.export.gov/safeharbor/.

For purposes of this policy:

“Consumer” means any natural person located in the EEA or Switzerland who is a prospective or actual user of ShareFile’s products or services or whose Personal Data may be stored by a Customer using ShareFile’s products or services. Consumer includes any Customer who is natural person located in the EEA or Switzerland.

“Customer” means any individual or entity that registers for or purchases ShareFile’s products or services.

“Personal Data” means any information, including Sensitive Data, that (i) is transferred to ShareFile in the U.S. from the EEA or Switzerland, (ii) is recorded in any form, (iii) relates to an identified or identifiable Consumer, and (iv) can be linked to that individual.

“Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.

ShareFile’s Safe Harbor certification can be found at https://safeharbor.export.gov/list.aspx. For more information about the Safe Harbor principles, please visit http://www.export.gov/safeharbor. For more information about ShareFile’s processing of Personal Data collected from Consumers on www.sharefile.com, please visit ShareFile’s Online Privacy Policy.

How ShareFile Obtains Personal Data

ShareFile is in the business of providing Internet-based data storage and transfer resources. In connection with the registration and payment processes for ShareFile’s products and services, ShareFile obtains Personal Data about Consumers.

ShareFile also collects Personal Data from Consumers when a Consumer visits ShareFile’s website at www.sharefile.com (the “Site”) and provides Personal Data to ShareFile on or through the Site. In addition, ShareFile obtains Personal Data, such as contact information, in connection with maintaining its Customer relationships and providing products and services to its Customers.

In connection with providing its products and services on behalf of its Customers, ShareFile may access or obtain certain Consumer Personal Data for storage, backup, maintenance, marketing, general communications and administration purposes. In connection with these offerings, ShareFile acts as a service provider to its Customers and pursuant to their instructions.

ShareFile’s practices regarding the collection, storage, use, transfer and other processing of Personal Data comply, as appropriate, with the Safe Harbor principles of notice, choice, onward transfer, access, security, data integrity, and enforcement and oversight.

Notice

ShareFile provides information in its Online Privacy Policy available at http://www.sharefile.com/privacy regarding its practices related to Personal Data collected on the Site, including the purposes for which ShareFile collects and uses Consumer Personal Data it collects on the Site. In circumstances in which ShareFile acts as a service provider for its Customers, ShareFile’s Customers are responsible for providing appropriate notice to their Consumers whose Personal Data are transferred to the U.S. and obtaining any requisite consent.

Relevant information also may be found in privacy notices pertaining to specific data processing activities.

Choice

In circumstances in which ShareFile collects Personal Data directly from Consumers, it offers Consumers the opportunity to choose whether ShareFile may (i) disclose their Personal Data to certain third parties or (ii) use their Personal Data for a purpose that is incompatible with the purpose for which the information was originally collected or subsequently authorized by the individual. Consumers may contact ShareFile as indicated below regarding the company's use or disclosure of their Personal Data.

In circumstances in which ShareFile maintains Personal Data about Consumers with whom ShareFile does not have a direct relationship because ShareFile obtained or maintains the Consumers’ data as a service provider for its Customers, ShareFile’s Customers are responsible for providing the relevant individuals with certain choices with respect to the Customers' use or disclosure of the individual’s Personal Data.

ShareFile may disclose Personal Data without offering an opportunity to opt out (i) to service providers the Company has retained to perform services on its behalf, (ii) if it is required to do so by law or legal process, (iii) to law enforcement or other government authorities, or (iv) when ShareFile believes disclosure is necessary to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual illegal activity. ShareFile also reserves the right to transfer Personal Data in the event it sells or transfers all or a portion of its business or assets (including in the event of a reorganization, dissolution or liquidation). Should such a sale or transfer occur, ShareFile will use reasonable efforts to direct the transferee to use the Personal Data in a manner that is consistent with ShareFile’s privacy policies. ShareFile uses Personal Data only for the purposes indicated in this Policy or the Online Privacy Policy unless it has a legal basis, such as consent, to use it for other purposes. To the extent required by law, ShareFile obtains prior opt-in consent at the time of collection for the processing of (i) Personal Data for marketing purposes and (ii) Sensitive Data, to the extent that ShareFile collects any Sensitive Data.

Onward Transfer of Personal Data

ShareFile may share Consumer Personal Data with third parties as indicated in the “Choice” section above. Except as permitted or required by applicable law, ShareFile requires third parties to whom it discloses Personal Data and who are not subject to the European Union Data Protection Directive 95/46 or an adequacy finding to either (i) subscribe to the relevant Safe Harbor principles or (ii) contractually agree to provide at least the same level of protection for Personal Data as is required by the relevant Safe Harbor principles.

Access

Where appropriate, ShareFile provides Consumers with reasonable access to the Personal Data ShareFile maintains about them. ShareFile also provides a reasonable opportunity for Consumers to correct, amend or delete that information where it is inaccurate, as appropriate. ShareFile may limit or deny access to Personal Data where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Safe Harbor principles. The right to access personal information also may be limited in some circumstances by local law requirements. Consumers may request access to their Personal Data by contacting ShareFile as indicated below. We will respond to all access requests within 30 days.

In circumstances in which ShareFile maintains Personal Data about Consumers with whom ShareFile does not have a direct relationship because ShareFile obtained or maintains the Consumers’ data as a service provider for its Customers, ShareFile’s Customers are responsible for providing Consumers with access to the Personal Data and the right to correct, amend or delete the information where it is inaccurate. In these circumstances, Consumers should direct their questions to the appropriate ShareFile Customer. When a Consumer is unable to contact the appropriate Customer, or does not obtain a response from the Customer, ShareFile will provide reasonable assistance in forwarding the individual’s request to the Customer.

Security

ShareFile takes reasonable precautions to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration, and destruction.

Data Integrity

ShareFile takes reasonable steps to ensure that the Personal Data the company processes are (i) relevant for the purposes for which they are to be used, (ii) reliable for their intended use, and (iii) accurate, complete and current. In this regard, ShareFile depends on its Consumers and Customers (with respect to Personal Data of Consumers with whom ShareFile does not have a direct relationship) to update and correct Personal Data to the extent necessary for the purposes for which the information was collected or subsequently authorized by the individuals. Consumers (and Customers, as appropriate) may contact ShareFile as indicated below to request that ShareFile update or correct relevant Personal Data.

Enforcement and Oversight

ShareFile has established procedures for periodically verifying implementation of and compliance with the Safe Harbor principles. ShareFile conducts an annual self-assessment of its Personal Data practices to verify that the attestations and assertions the company makes about its privacy practices are true and that the company’s privacy practices have been implemented as represented.

Consumers may file a complaint concerning ShareFile’s processing of their Personal Data with ShareFile’s Privacy Officer, whose contact information is below. Please contact ShareFile as specified below to address any complaints regarding the company’s Personal Data practices. If you do not receive acknowledgement of your inquiry or your inquiry has not been satisfactorily addressed within 30 days, you should contact TRUSTe here. TRUSTe will then serve as a liaison with us to resolve your concerns.

In circumstances in which ShareFile maintains Personal Data about Consumers with whom ShareFile does not have a direct relationship because ShareFile obtained or maintains the Consumers’ data as a service provider for its Customers, Consumers may submit complaints concerning the processing of their Personal Data to the relevant Customer, in accordance with the Customer’s dispute resolution process. ShareFile will participate in this process at the request of the Customer or the Consumer. If the issue cannot be resolved through the Customer’s internal dispute resolution mechanism, the Consumer may submit the complaint to the relevant data protection authority in the EEA or Switzerland.

How to Contact ShareFile

To contact ShareFile about questions or concerns about this Safe Harbor Privacy Policy or ShareFile’s practices concerning Personal Data:

  • Write to:
  • ShareFile
  • Attention: Privacy Officer
  • 120 S. West St.
  • Raleigh, NC 27603
  • USA
  • Email: privacy@sharefile.com