Collection and Use of Information
Personal Data. eFolder collects relevant Personal Data when you register and use our services or otherwise transact with eFolder, including name, phone number, mailing address, and email address. We use this information to communicate with you about our products and services or related topics, to provide technical support, to improve our products, and to provide the services you have requested, including administrative tasks such as billing and receiving payment.
HR Data. eFolder collects relevant HR Data for its employees (past and present) including name, mailing address, email address, and social security number. This information is used only within the context of the employment relationship and associated activities. eFolder is committed to cooperate with the EU authority or authorities concerned in conformity with the Supplemental Principles on Human Resources Data and the Role of the Data Protection Authorities and will comply with the advice given by such authorities.
Customer Data. Customers of eFolder may electronically submit data or information to eFolder’s products or services (“Customer Data”). eFolder uses Customer Data to provide you with the services you have requested, to prevent or resolve technical or service problems, and to provide technical support.
Customer Encrypted Data. Certain eFolder products or services allow you to encrypt data prior to transmission and then to electronically transmit such encrypted data to eFolder for long-term storage (“Customer Encrypted Data”). eFolder will not decrypt the contents of such data, except as explicitly authorized by you (for example when you use the restore functions of the software). If supported by the software, eFolder does not store your encryption key for such Customer Encrypted Data, except in an encrypted form if you choose to use the pass phrase recovery function or other authorized key management function. If you do use pass phrase recovery, your encryption key is further encrypted by the answers to your security questions. eFolder will not attempt to decrypt your encryption key or to discover the answers to your security questions. eFolder does not store the answers to your security questions in any form.
eFolder may use ancillary non-encrypted data associated with the Customer Encrypted Data, such as backup logs containing filenames, in order to provide technical support and for internal use to provide the functions of the services you request.
Products and Services Data. eFolder products and services collect product configuration, computer configuration, network statistics, and other product usage information (“Products and Services Data”). We use this information to provide certain product functions (such as reporting) as well as to provide technical support and to improve our products.
Other Data. Other non-personally identifying information that you volunteer (“Other Data”) (such as through surveys, polls, or feedback forms) will be used to improve our products and services. eFolder will not intentionally link this information to Personal Data, except to the degree necessary to contact you if you request it. If it is clear such information will be publicly posted (such as in blog comment submissions or testimonial submissions) you should not include Personal Data in your submission. We also display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at privacy.
Links to Other Websites. Our website and products may contain links to websites under the control of third parties. These websites have their own privacy policies which you should review prior to using such sites. eFolder is not responsible for such third party websites and provides links to them solely for your convenience.
Single Sign-On. You can log in to some of our websites using sign-in services such as Google or an OpenID provider. These services will authenticate your identity and provide you the option to share certain personal information with us such as your name and email address to pre-populate our sign up form. Services like Google Apps give you the option to post information about your activities on this Web site to your profile page to share with others within your network.
Controlling your Information
Communication Preferences. eFolder may periodically send you promotional emails or newsletters. You may opt-out of these promotional emails or newsletters by following the unsubscribe instructions or link contained in all such emails we send, or by emailing support.
eFolder may also send service-related emails to inform you of product updates and operational notices. To opt-out of non-emergency service-related emails, use the Mailing Lists page in the password-protected area of our web site. Opting out of promotional or service-related emails will not affect any legal communications, emergency communications, customer service, technical support, or other transactional emails we may send.
Personal Data. The storage and processing of Personal Data by eFolder may be subject to mandatory legislation, such as the legislation based on EU Directive 95/46/EC which aims to prevent the violation of personal integrity in the processing of personal data (collectively, the “Personal Data Act”). For this purpose, you will always be considered the controller of your Personal Data, even if the processing is carried out by eFolder or any of its sub-contractors as part of our services. eFolder and any of its sub-contractors engaged for the storage and other processing are in such cases considered as your data processors (personal data assistants) and it is your sole responsibility to ensure that the processing of your Personal Data is in compliance with the Personal Data Act and other applicable legislation. A User should therefore contact the relevant data processor (usually being its employer) for questions with respect to the processing of its Personal Data. Nevertheless, a user’s Personal Data is not handled by eFolder in any different way than described herein.
Access and Choice. You may access or update your Personal Data associated with your eFolder services account using the password protected, administrative area of our web site, or by emailing us at firstname.lastname@example.org. Even upon updating or cancelling your account, we may retain Personal Data and other information in our backup or archival records. Access for individuals to change or update HR Data associated with employment by eFolder is restricted only when doing so would prevent execution of the employment contract.
Customer Data and Customer Encrypted Data. You may use the functions provided by our products and services to view, access, modify, and delete Customer Data and Customer Encrypted Data. Upon using such functions to delete such data, the data may be retained for a short period of time in case such deletion was accidental, and until all backup or archival copies are updated.
Retention. eFolder will retain Personal Data we collect from you as well as Personal Data we process on behalf of you for as long as needed to provide services to our Customers. We may also retain this information if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.
Third Parties. Under no circumstances will eFolder sell, rent, or trade any collected information to third parties for their promotional purposes. eFolder may share collected information, not including Customer Data and Customer Encrypted Data, with third parties that work on eFolder’s behalf (for example, to process credit card orders). Any such third parties that work on eFolder’s behalf are required to adhere to privacy policies no less protective than those of eFolder’s own privacy policies. These companies are authorized to use your personal data only as necessary to provide these services to us.
Compliance with Law. eFolder is subject to the investigatory and enforcement powers of the FTC, the Department of Transportation or any other U.S. authorized statutory body and may disclose collected information as necessary to comply with law or law enforcement officials, such as in response to a validly issued court order, subpoena, or warrant. For questions pertaining to international data rights and responsibilities under the USA PATRIOT Act please contact email@example.com.
Change of Ownership. In the event of eFolder being acquired or merged with another entity, eFolder reserves the right to transfer all collected information to such entity. eFolder will make commercially reasonable efforts to notify you in such an event (such as by posting a notice on our web site or sending you an email).
We are committed to safeguarding your Personal Data. In order to prevent unauthorized access or disclosure, we have put in place physical, electronic, and managerial procedures meeting or exceeding industry standards and regulatory law.
Encryption and Security Technologies. eFolder employs the latest encryption and security technologies to help safeguard and monitor against unauthorized or malicious attacks. The highest levels of encryption are assured for both data at-rest and in-motion (see product details for specifications).
Physical Security. eFolder data centers are strategically located around the globe in locations that minimize risk from natural disasters and political or social related events. Physical security controls at each location includes full time guards, multi factor access and each location has power and cooling distribution with N+1 redundancy at a minimum.
Authentication. Users are identified by unique credentials and tokens to validate authenticity. Credentials are protected at eFolder using perimeter controls, and industry best practice methods such as hashing and salting. Many eFolder products offer multi factor authentication for further security.
Audits. All of eFolder’s data centers are all audited on an annual basis. Examples of available audits include the SSAE16/SOC 1, ISO 27001 verification, SOC 2, etc. (depending on the center). The results of these audits are available to our partners upon request.
eFolder does not intentionally collect Personal Data from children under 13 years old. Children under 13 should not use our web site or services or disclose any Personal Data to eFolder. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information.
Questions and Contact Information
In compliance with the Privacy Shield Principles, eFolder commits to resolve complaints about our collection or use of personal information. Please direct any questions about this policy, disputes, or complaints to firstname.lastname@example.org or by postal mail to:
707 17thStreet, Suite 3900
Denver, CO 80202
If the complaint cannot be resolved through contacting our corporate office, eFolder will cooperate with JAMS pursuant to the JAMS International Mediation Rules regarding complaints or possible binding arbitration against eFolder regarding Personal Data. JAMS International Mediation Rules are accessible on the JAMS website at https://www.jamsadr.com/. eFolder commits to cooperate with EU Data Protection Authorities and comply with their advice regarding HR Data collected in the context of the employment relationship.
eFolder will take steps to remedy any issues arising out of a failure to comply with the Privacy Shield principles. Under certain conditions, a person may invoke binding arbitration for complaints related to the Privacy Shield Principles. For more information visit https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
eFolder, Inc. complies with the U.S.-EU Privacy Shield Framework and the as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. eFolder has certified that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Privacy Shield program, and to view eFolder’s certification, please visit https://www.privacyshield.gov/list
Revisions to this Policy
The current policy is effective from September 17, 2018.