- “Customer Data” refers to information and data received, processed, maintained, or transmitted on behalf of a customer by Infrascale, Inc. (referred to herein as “SOS Online Backup”) when delivering Services to a customer or other information and data customers otherwise provide to us. For instance, Customer Data includes data customers upload to our Services for backup, archival, or failover purposes. It also includes Personal Information about customer representatives. Finally, “Customer Data” includes metadata and other system data generated by our systems in connection with the delivery of Services.
- “Personal Information” refers to information we collect in connection with (i) our website, (ii) offline collection methods such as events, surveys, questionnaires and the like, (iii) third-party sources, including business partners, ad networks, vendors and other third-party sources, or (iv) your communications with us.
EU-US AND SWISS-US PRIVACY SHIELD CERTIFICATION.
- Our accountability for personal data that we receive under the Privacy Shield and subsequently transfer to a third party is described in the Privacy Shield Principles. In particular, we remain responsible and liable under the Privacy Shield Principles if third-party agents that we engage to process the personal data on our behalf do so in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.
- We encourage European individuals (including Swiss individuals) to contact us should you have a Privacy Shield-related (or general privacy-related) complaint at email@example.com. We have further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles or the Swiss-US Privacy Shield Principles to the American Arbitration Association. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://go.adr.org/privacyshield for more information and to file a complaint. As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. We are subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC).
- Finally, we commit to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
TYPES OF DATA AND INFORMATION WE COLLECT.
- We provide our customers with data backup, archiving, and failover solutions with offerings that include hardware, software, and cloud-hosted functionality. Our applications help customers to manage disaster recovery and business continuity functions while increasing the efficiency of data storage via de-duplication of data. Our solutions work with private, public, and cloud facilities hosted by us.
- In general, we collect two categories of Customer Data. First, we collect data processed by our hardware and applications for backup, archival, or failover purposes. If the customer is using our cloud, we also host this Customer Data. Second, we collect Customer Data relating to customer accounts and their management. For instance, we collect Personal Information about representatives and contacts at our customer organizations, including their contact information (name, address, telephone numbers, and email addresses), job title, and name of employer. We also collect payment card information for processing payments for Products and Services.
- We also generate Customer Data in the form of metadata and system data in connection with the delivery of our Services.
- We collect information from users of our website via web forms and other communications as described in Section 5 below.
OUR ROLE AS A DATA PROCESSOR.
- If and when customers upload Customer Data containing personally identifiable information to the Services, it is the customers that are data controllers with respect to such personally identifiable information. That is, the customer has the direct contact with the individuals whose personally identifiable information was uploaded to the applicable Service. Customers are the ones who would collect the personally identifiable information from their customers, personnel, patients, or other data subjects. We have no such contact with these individuals.
- We may process any personally identifiable information, among other data, when customers use the Services for backup, archiving, and failover purposes. When performing Services, we process data strictly in accordance with the actions or instructions of the applicable customer.
- As a data processor, with certain exceptions, we have an obligation under our agreement with the customer not to disclose or otherwise transfer data to a third party except to provide the Services or if the customer has instructed us to disclose or transfer the data. Except as noted below, we process any personally identifiable information and other Customer Data solely for the purpose of delivering Services to customers. We may use third party data processors to assist us in delivering the Services to our customers.
HOW WE COLLECT CUSTOMER DATA AND PERSONAL INFORMATION.
- Data Collected by Our Solutions. We receive Customer Data from customers’ systems when they use our Services for backup, archiving, and failover purposes or otherwise transmit Customer Data to us.
- Account-Related Information. We receive account-related contact information from customer representatives and contacts when they provide it to us. Customer representatives may provide us with payment card information in order to pay for our Services. We may also obtain biographical information about representatives and contacts through our review of information they post to the Internet. We may obtain additional information about our customer representatives from public sources and third-party databases.
- Personal Information Sent via Our Website and Email. We will collect the Personal Information of website visitors who complete web forms to communicate with us to submit a support ticket or use the chat function to communicate with a support representative. When a customer submits a ticket or chats with a support representative, we collect information such as name, contact information (email and phone), account user name, and comments. On our website, we also encourage website visitors to send us email inquiries, both to learn about our Products and Services and to consider careers with us. If you send us email, we will collect whatever Personal Information you include in your email. If a communication prompts follow-up communications, we may collect additional information that you provide to us.
- Cookies, Beacons and Pixels.
- Our emails to you use email beacons or tracking pixels. Email beacons and tracking pixels are small electronic images that tell us if an email has been opened and acted upon.
- Website Data. We also review information logged by our web servers to understand our website visitors better. It is very common for websites to collect these kinds of logs. For example, we collect information such as your Internet Protocol address, your location, domain name, the type of web browser and operating system you are using, the pages on our websites that you view, when you visit, and how long you view each page visited.
- Data-Appending Methods. We may add to the information we receive from customer representatives and website users by information they provide to us at other occasions and using other means. Examples include information they provide to us at educational programs, trade shows, or meetings, as well as information gathered using other data-appending methods. We may also review and collect biographical information about representatives and users that they post to the Internet.
- Metadata and Other System Data. Our systems generate certain metadata and other system data concerning customers’ account, such as logs showing when files are transmitted to our Services and when they are recovered from our Services.
USE OF CUSTOMER DATA AND PERSONAL INFORMATION.
- Data Collected by Our Solutions. We process Customer Data collected by our Services for the purpose of delivering backup, archiving, and failover services and functionality to our customers. Our systems process Customer Data to perform these functions based on the actions and instructions of our customers.
- Account-Related Information. We use account-related information in order to market our Services, establish relationships, set up our Services for customers’ use, deliver the Services, obtain payment for the Services, provide customer and technical support for the Services, and otherwise communicate with customers.
- Personal Information from Website Visitors. We will use Personal Information collected as described in Section 5(c)-(f) above solely with the objective of fulfilling those purposes specified above, unless we obtain your consent. Specifically, we may use your Personal Information to communicate with you. Our communications may relate to Products and Services or, in the case of job candidates, possible employment opportunities.
- General Use of Customer Data and Personal Information. We use Customer Data and Personal Information for the following general purposes: (i) identification; (ii) establishment and maintenance of our relationship with you, (iii) to provide you with ongoing news, publications and information, to respond to your requests and inquiries, to fulfill your requests to register for Services, use our Products and Services, request publications or other information from us, sign up for newsletters, and obtain or provide user access credentials; (iv) marketing purposes, such as your activity, browsing, and usage information concerning our websites and/or your demographic information that you may have voluntarily provided to us, in order to better tailor our marketing activities and to implement and maintain loyalty programs; (v) providing information to third-party administrators or other providers necessary to optimize our Services and operation of our website; (vi) maintaining business records for reasonable periods, and generally managing and administering our business; (vii) meeting legal, regulatory, insurance, security, and processing requirements and court or administrative orders; and (viii) otherwise with consent or as permitted or required by law. We may keep any and all of the Customer Data and your Personal Information on hand for as long as permitted by law for any and all of the purposes described in this Section.
- Metadata and Other System Data. We use metadata and other systems data to manage Services and deliver Services to customers.
YOUR CHOICES REGARDING CUSTOMER DATA AND PERSONAL INFORMATION.
We offer you choices regarding the collection, use, and sharing of Customer Data and your Personal Information.
- You may change the information you submitted when registering for or using the Services or by contacting us at firstname.lastname@example.org. You may request deletion of your Personal Information by us, but please note that we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request, only after we have fulfilled such requirements).
THIRD PARTY HOSTING OF CUSTOMER DATA.
- We use certain third party service providers to host and maintain Customer Data that we may receive from you. More specifically, we may use Amazon Web Services, Google Cloud Platform and other cloud platform providers to host our cloud solutions and to collect and maintain Customer Data uploaded to our Services. In addition, we upload some account-related information to cloud service providers to maintain and analyze information about our relationships with our customers, undertake our marketing campaigns, and provide customer and technical support.
DISCLOSURE OR TRANSFER OF CUSTOMER DATA OR PERSONAL INFORMATION.
- Customer Data and Personal Information may be disclosed to: (i) our employees, agents, representatives, advisors, affiliates, and independent contractors, in connection with their performance of services for or on behalf of our customers; and (ii) service providers who help us with our business operations, sales and marketing, information technology, or professional services.
- We do not sell or rent Customer Data or Personal Information to anyone. Nonetheless, we may sell, transfer, or otherwise share some or all of our assets in connection with a merger, acquisition, reorganization, or sale of assets of our business, or in the event of bankruptcy. These assets may include Customer Data or Personal Information collected by us as described above.
- Also, we may disclose Customer Data or Personal Information when required by a subpoena, court order, search warrant, other legal process, requests by law enforcement agencies, or applicable law. Moreover, we may disclose Customer Data or Personal Information to the extent necessary to maintain the security of our websites, Products, or Services; resolve disputes; or investigate possible misconduct.
HOW WE SAFEGUARD CUSTOMER DATA AND PERSONAL INFORMATION.
- We take reasonable measures to ensure that your Customer Data and Personal Information collected, used, disclosed, or otherwise processed for us or on our behalf is protected and not used or disclosed for purposes other than as directed by us, subject to legal requirements in foreign jurisdictions applicable to those organizations. Please note that foreign jurisdictions differ in their privacy laws and some have privacy protection laws equivalent to or greater than those in the United States whereas others do not.
- We are committed to protecting Customer Data and Personal Information and preventing unauthorized disclosure, use, modification, or access of or to Customer Data and Personal Information. In specific, we are committed to maintaining reasonable and appropriate administrative, physical, and technical safeguards to:
- Provide assurances of the integrity and confidentiality of Customer Data and Personal Information.
- Protect Customer Data and Personal Information against any reasonably anticipated threats or hazards to the security or integrity of Customer Data or Personal Information, and unauthorized uses or disclosures of them, and
- Maintain compliance with the legal framework of requirements for the privacy and security of Customer Data and Personal Information.
YOUR RIGHT TO ACCESS PERSONAL INFORMATION AND CUSTOMER DATA AND TO MAKE CHANGES.
- Customer Data. The Services provide functionality to access and update Customer Data uploaded by customers. Using our Services, customers can view, update, append, and correct Customer Data uploaded to our Services or their own public or private cloud solutions. Customers requiring assistance accessing and changing such Customer Data via the Services can contact technical support for assistance by chatting with a support representative or completing a support ticket on our website at: https://www.sosonlinebackup.com/support/.
- Personal Information or Account-Related Information. If you would like to access Personal Information or Customer Data we may have to support your account, please contact us at email@example.com or by phone at one of the phone numbers at https://www.sosonlinebackup.com/support/.
- Access to your Personal Information or Customer Data. You have the right to know what Personal Information and Customer Data about you is included in our databases and to ensure that such Personal Information and Customer Data is accurate and relevant for the purposes for which we collected it. You may review your own Personal Information or Customer Data stored in the databases and correct, erase, or block any data that is incorrect, as permitted by applicable law and our policies. Upon reasonable request and as required by law, including but not limited to the Privacy Shield Principles, we allow you to access your Personal Information and Customer Data, in order to correct or amend such data where inaccurate. In such cases, you may edit your Personal Information or Customer Data by logging into your account profile or by contacting us by phone or email. In making modifications to your Personal Information or Customer Data, you must provide only truthful, complete, and accurate information. To request erasure of Personal Information or Customer Data, you should submit a written request to us as set forth in Section 14.
- Requests for Personal Information or Customer Data. We will track each of the following and will provide notice to the appropriate parties under law and contract when either of the following circumstances arise: (i) legally binding request for disclosure of Personal Information or Customer Data by a law enforcement authority unless prohibited by law or regulation; or (ii) requests received from you. If we receive a request for access to your Personal Information or Customer Data from a third party, then, unless otherwise required under law or by contract with such third party (and in compliance with this policy), we will not provide any Personal Information or Customer Data but will refer you to the third party.
- Satisfying Requests for Access, Modifications, and Corrections. We will endeavor to respond in a timely manner to all reasonable written requests to view, modify, or inactivate Personal Information or Customer Data.
- Our Services are not directed to individuals under 13 and we do not knowingly collect Personal Information from children under 13.
- If you become aware that a child has provided us with Personal Information, please contact us at firstname.lastname@example.org.
- If we become aware that a child under 13 has provided us with Personal Information, we will take steps to delete such information immediately.
DO NOT TRACK COMPLIANCE.
- Our website does not respond to Do Not Track (“DNT”) signals.
- We do not track the users of our website across third party websites to provide targeted advertising directly to those websites.
CONTACT INFORMATION AND RESOLVING DISPUTES.
SOS Online Backup
12110 Sunset Hills Road, Suite 600
Reston, VA 20190
United States of America
- If you have a complaint about our privacy practices, you may submit a complaint to us at the above contact information. Our privacy team will look into your complaint and provide a response. You will need to provide sufficient information for us to evaluate your complaint and we may ask you to provide additional information as a condition of evaluating your complaint.
- If you do not believe that your complaint or dispute has been resolved and you are a European or Swiss individual, you may contact the International Centre for Dispute Resolution (ICDR) of the American Arbitration Association at: http://go.adr.org/privacyshield. As set forth above, we have designated ICDR as our independent recourse mechanism for our participation in the EU-US and Swiss-US Privacy Shield Programs. The ICDR will provide independent dispute resolution services to resolve complaints or disputes about our privacy practices. Procedures for contacting ICDR and filing a claim are linked to the website listed above.
NOTICE TO NEVADA RESIDENTS.
- Under Nevada SB 220, Nevada residents have the right to opt out of the sale of their Covered Information (as such term is defined under Nevada law). As noted above, we do not sell your information. However, if you are a Nevada resident, you may submit a required to opt out of future sales by us by writing to us at email@example.com. We will maintain your request in the event our practices change in the future. Should your email address change, please submit a new request to firstname.lastname@example.org with your new email address. We reserve the right to take reasonable steps to verify your identity and the authenticity of the request.
Last revised November 1, 2020.