Effective Date: September 28, 2016
ShareFile participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. ShareFile has committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List https://www.privacyshield.gov/list.
ShareFile complies with the U.S. – Swiss Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from Switzerland. ShareFile has certified that it adheres to the Privacy Shield Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Privacy Shield program, and to view ShareFile’s certification, please visit https://www.export.gov/safeharbor_swiss.
For purposes of this policy:
“Consumer” means any natural person located in the EEA or Switzerland who is a prospective or actual user of ShareFile’s products or services or whose Personal Data may be stored by a Customer using ShareFile’s products or services. Consumer includes any Customer who is natural person located in the EEA or Switzerland.
“Customer” means any individual or entity that registers for or purchases ShareFile’s products or services.
“Personal Data” means any information, including Sensitive Data, that (i) is transferred to ShareFile in the U.S. from the EEA or Switzerland, (ii) is recorded in any form, (iii) relates to an identified or identifiable Consumer, and (iv) can be linked to that individual.
“Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.
ShareFile is in the business of providing Internet-based data storage and transfer resources. In connection with the registration and payment processes for ShareFile’s products and services, ShareFile obtains Personal Data about Consumers.
ShareFile also collects Personal Data from Consumers when a Consumer visits ShareFile’s website at www.sharefile.com (the “Site”) and provides Personal Data to ShareFile on or through the Site. In addition, ShareFile obtains Personal Data, such as contact information, in connection with maintaining its Customer relationships and providing products and services to its Customers.
In connection with providing its products and services on behalf of its Customers, ShareFile may access or obtain certain Consumer Personal Data for storage, backup, maintenance, marketing, general communications and administration purposes. In connection with these offerings, ShareFile acts as a service provider to its Customers and pursuant to their instructions.
ShareFile’s practices regarding the collection, storage, use, transfer and other processing of Personal Data comply, as appropriate, with the Privacy Shield principles of notice, choice, onward transfer, access, security, data integrity, and enforcement and oversight.
Relevant information also may be found in privacy notices pertaining to specific data processing activities.
In circumstances in which ShareFile collects Personal Data directly from Consumers, it offers Consumers the opportunity to choose whether ShareFile may (i) disclose their Personal Data to certain third parties or (ii) use their Personal Data for a purpose that is incompatible with the purpose for which the information was originally collected or subsequently authorized by the individual. Consumers may contact ShareFile as indicated below regarding the company's use or disclosure of their Personal Data.
In circumstances in which ShareFile maintains Personal Data about Consumers with whom ShareFile does not have a direct relationship because ShareFile obtained or maintains the Consumers’ data as a service provider for its Customers, ShareFile’s Customers are responsible for providing the relevant individuals with certain choices with respect to the Customers' use or disclosure of the individual’s Personal Data.
ShareFile may share Consumer Personal Data with third parties as indicated in the “Choice” section above. Except as permitted or required by applicable law, ShareFile requires third parties to whom it discloses Personal Data and who are not subject to the European Union Data Protection Directive 95/46 or an adequacy finding to either (i) subscribe to the relevant Privacy Shield principles or (ii) contractually agree to provide at least the same level of protection for Personal Data as is required by the relevant Privacy Shield principles.
Where appropriate, ShareFile provides Consumers with reasonable access to the Personal Data ShareFile maintains about them. ShareFile also provides a reasonable opportunity for Consumers to correct, amend or delete that information where it is inaccurate, as appropriate. ShareFile may limit or deny access to Personal Data where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Privacy Shield principles. The right to access personal information also may be limited in some circumstances by local law requirements. Consumers may request access to their Personal Data by contacting ShareFile as indicated below. We will respond to all access requests within 30 days.
In circumstances in which ShareFile maintains Personal Data about Consumers with whom ShareFile does not have a direct relationship because ShareFile obtained or maintains the Consumers’ data as a service provider for its Customers, ShareFile’s Customers are responsible for providing Consumers with access to the Personal Data and the right to correct, amend or delete the information where it is inaccurate. In these circumstances, Consumers should direct their questions to the appropriate ShareFile Customer. When a Consumer is unable to contact the appropriate Customer, or does not obtain a response from the Customer, ShareFile will provide reasonable assistance in forwarding the individual’s request to the Customer.
ShareFile takes reasonable precautions to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration, and destruction.
ShareFile takes reasonable steps to ensure that the Personal Data the company processes are (i) relevant for the purposes for which they are to be used, (ii) reliable for their intended use, and (iii) accurate, complete and current. In this regard, ShareFile depends on its Consumers and Customers (with respect to Personal Data of Consumers with whom ShareFile does not have a direct relationship) to update and correct Personal Data to the extent necessary for the purposes for which the information was collected or subsequently authorized by the individuals. Consumers (and Customers, as appropriate) may contact ShareFile as indicated below to request that ShareFile update or correct relevant Personal Data.
ShareFile is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. ShareFile complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred to the Privacy Shield Framework, ShareFile is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, ShareFile may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.