SHAREFILE

ShareFile Privacy Shield Privacy Policy

Effective Date: September 28, 2016

ShareFile participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. ShareFile has committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List https://www.privacyshield.gov/list.

 

ShareFile complies with the U.S. – Swiss Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from Switzerland. ShareFile has certified that it adheres to the Privacy Shield Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Privacy Shield program, and to view ShareFile’s certification, please visit https://safeharbor.export.gov/swisslist.aspx.

 

For purposes of this policy:

 

“Consumer” means any natural person located in the EEA or Switzerland who is a prospective or actual user of ShareFile’s products or services or whose Personal Data may be stored by a Customer using ShareFile’s products or services. Consumer includes any Customer who is natural person located in the EEA or Switzerland.

 

“Customer” means any individual or entity that registers for or purchases ShareFile’s products or services.

 

“Personal Data” means any information, including Sensitive Data, that (i) is transferred to ShareFile in the U.S. from the EEA or Switzerland, (ii) is recorded in any form, (iii) relates to an identified or identifiable Consumer, and (iv) can be linked to that individual.

 

“Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.

 

How ShareFile Obtains Personal Data

ShareFile is in the business of providing Internet-based data storage and transfer resources. In connection with the registration and payment processes for ShareFile’s products and services, ShareFile obtains Personal Data about Consumers.

ShareFile also collects Personal Data from Consumers when a Consumer visits ShareFile’s website at www.sharefile.com (the “Site”) and provides Personal Data to ShareFile on or through the Site. In addition, ShareFile obtains Personal Data, such as contact information, in connection with maintaining its Customer relationships and providing products and services to its Customers.

In connection with providing its products and services on behalf of its Customers, ShareFile may access or obtain certain Consumer Personal Data for storage, backup, maintenance, marketing, general communications and administration purposes. In connection with these offerings, ShareFile acts as a service provider to its Customers and pursuant to their instructions.

ShareFile’s practices regarding the collection, storage, use, transfer and other processing of Personal Data comply, as appropriate, with the Privacy Shield principles of notice, choice, onward transfer, access, security, data integrity, and enforcement and oversight.

Notice

ShareFile provides information in its Online Privacy Policy available at http://www.sharefile.com/privacy regarding its practices related to Personal Data collected on the Site, including the purposes for which ShareFile collects and uses Consumer Personal Data it collects on the Site. In circumstances in which ShareFile acts as a service provider for its Customers, ShareFile’s Customers are responsible for providing appropriate notice to their Consumers whose Personal Data are transferred to the U.S. and obtaining any requisite consent.

Relevant information also may be found in privacy notices pertaining to specific data processing activities.

Choice

In circumstances in which ShareFile collects Personal Data directly from Consumers, it offers Consumers the opportunity to choose whether ShareFile may (i) disclose their Personal Data to certain third parties or (ii) use their Personal Data for a purpose that is incompatible with the purpose for which the information was originally collected or subsequently authorized by the individual. Consumers may contact ShareFile as indicated below regarding the company's use or disclosure of their Personal Data.

In circumstances in which ShareFile maintains Personal Data about Consumers with whom ShareFile does not have a direct relationship because ShareFile obtained or maintains the Consumers’ data as a service provider for its Customers, ShareFile’s Customers are responsible for providing the relevant individuals with certain choices with respect to the Customers' use or disclosure of the individual’s Personal Data.

ShareFile may disclose Personal Data without offering an opportunity to opt out (i) to service providers the Company has retained to perform services on its behalf, (ii) if it is required to do so by law or legal process, (iii) to law enforcement or other government authorities, or (iv) when ShareFile believes disclosure is necessary to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual illegal activity. ShareFile also reserves the right to transfer Personal Data in the event it sells or transfers all or a portion of its business or assets (including in the event of a reorganization, dissolution or liquidation). Should such a sale or transfer occur, ShareFile will use reasonable efforts to direct the transferee to use the Personal Data in a manner that is consistent with ShareFile’s privacy policies. ShareFile uses Personal Data only for the purposes indicated in this Policy or the Online Privacy Policy unless it has a legal basis, such as consent, to use it for other purposes. To the extent required by law, ShareFile obtains prior opt-in consent at the time of collection for the processing of (i) Personal Data for marketing purposes and (ii) Sensitive Data, to the extent that ShareFile collects any Sensitive Data.

Accountability for Onward Transfer

ShareFile may share Consumer Personal Data with third parties as indicated in the “Choice” section above. Except as permitted or required by applicable law, ShareFile requires third parties to whom it discloses Personal Data and who are not subject to the European Union Data Protection Directive 95/46 or an adequacy finding to either (i) subscribe to the relevant Privacy Shield principles or (ii) contractually agree to provide at least the same level of protection for Personal Data as is required by the relevant Privacy Shield principles.

Access

Where appropriate, ShareFile provides Consumers with reasonable access to the Personal Data ShareFile maintains about them. ShareFile also provides a reasonable opportunity for Consumers to correct, amend or delete that information where it is inaccurate, as appropriate. ShareFile may limit or deny access to Personal Data where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Privacy Shield principles. The right to access personal information also may be limited in some circumstances by local law requirements. Consumers may request access to their Personal Data by contacting ShareFile as indicated below. We will respond to all access requests within 30 days.

In circumstances in which ShareFile maintains Personal Data about Consumers with whom ShareFile does not have a direct relationship because ShareFile obtained or maintains the Consumers’ data as a service provider for its Customers, ShareFile’s Customers are responsible for providing Consumers with access to the Personal Data and the right to correct, amend or delete the information where it is inaccurate. In these circumstances, Consumers should direct their questions to the appropriate ShareFile Customer. When a Consumer is unable to contact the appropriate Customer, or does not obtain a response from the Customer, ShareFile will provide reasonable assistance in forwarding the individual’s request to the Customer.

Security

ShareFile takes reasonable precautions to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration, and destruction.

Data Integrity & Purpose Limitation

ShareFile takes reasonable steps to ensure that the Personal Data the company processes are (i) relevant for the purposes for which they are to be used, (ii) reliable for their intended use, and (iii) accurate, complete and current. In this regard, ShareFile depends on its Consumers and Customers (with respect to Personal Data of Consumers with whom ShareFile does not have a direct relationship) to update and correct Personal Data to the extent necessary for the purposes for which the information was collected or subsequently authorized by the individuals. Consumers (and Customers, as appropriate) may contact ShareFile as indicated below to request that ShareFile update or correct relevant Personal Data.

Recourse, Enforcement and Liability

ShareFile is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. ShareFile complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.

With respect to personal data received or transferred to the Privacy Shield Framework, ShareFile is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, ShareFile may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

Privacy Shield

If you have questions or complaints regarding our privacy policy or practices, please contact us here. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

How to Contact ShareFile

To contact ShareFile about questions or concerns about this Privacy Shield Privacy Policy or ShareFile’s practices concerning Personal Data:

Write to:

Citrix ShareFile

Attention: Privacy Officer

120 S. West St.

Raleigh, NC 27603

USA

Email : privacy@sharefile.com