Axcient European Economic Area Privacy Notice
Axcient (eFolder Inc dba Axcient) offers cloud file sync, data backup, and business continuity solutions. If you are a resident of the United Kingdom (UK) or European Economic Area (EEA), the following additional EEA-specific provisions apply to our processing of your personal information. For EEA and UK residents, the provisions of this EEA Addendum prevail over any conflicting provision in our Axcient Privacy Policy.
Information We Collect
We may collect, use, store and transfer certain personal information in order to provide our services to you such as Personal Data (personally identifying information), HR Data (human resources information, Customer Data (data submitted to our services by our customers), and Customer Encrypted Data (certain data that is encrypted prior to submission to our services by our customers). For a complete list of the categories of personal data we collect and how we collect this personal information, please see the Collection and Use of Information section in our Privacy Policy. Where such information is required, we may be unable to provide you with our services unless you provide us with this information.
As you interact with our services, we will automatically collect technical personal information about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. If you disable or refuse cookies, please note that some parts of our Services may become inaccessible or not function properly. Third-party vendors, including Google, show ads sponsored by Axcient on sites on the internet. These third-party vendors use cookies to serve you ads based on your prior visits to our websites (also known as remarketing). To opt out of these third-party vendors using cookies and other non-personally identifying information, follow the link in our Privacy Policy.
We do not engage in automated decision-making, nor do we engage in profiling that results in material decisions or legal effects.
How We Use Information
The legal bases for which we collect, use, transfer or disclose your personal information include (i) where we have your consent, (ii) our legitimate interests; (iii) where we need to comply with a legal obligation, and (iv) as necessary to perform a contract.
Please note that if you choose to withdraw your consent, you may not be able to participate in or benefit from our services for which you provided consent.
As permitted by law, we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. The purposes for which we process your personal information are systematically included in the Collection and Use of Information section in the Privacy Policy. We also may use the information we obtain about you in other ways for which we provide specific notice at the time of collection.
Under some laws, we may be allowed to process information until you object to such processing by opting out, without having to rely on consent or any other of the legal bases above.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. We also collect and process personal information in our capacity as a data processor to our business customers. (This is especially true with respect to Customer Data and Customer Encrypted Data.) In that case, our business customer is responsible to have an adequate basis to support such processing.
Disclosures of Your Information
To learn more about the other categories of third parties to who your personal information is disclosed, see the Disclosures section in the Privacy Policy.
Data Retention
All personal information is retained according to our internal policies. Your personal information will not be stored for longer than necessary for the purposes for which they were collected, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
We will take into account the length of time your personal data is required to:
• Continue to develop, tailor, upgrade, and improve our services;
• Maintain business records for analysis and/or audit purposes;
• Comply with record retention requirements under the law;
• Defend or bring any existing or potential legal claims; or
• Address any complaints regarding the services.
We may use any aggregated, anonymized data derived from or incorporating your personal information after you update or delete it, but not in a manner that would identify you personally. Once the retention period expires, personal information shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification, and the right to data portability cannot be enforced after the expiration of the retention period.
Your Rights
If you are a resident of the EEA or UK, you have certain data rights and we aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your personal information. If you wish to be informed what personal information we hold about you and if you want it to be removed from our systems, please contact us at privacy@axcient.com. In certain circumstances, you have the following data rights:
(i) You have the right to withdraw consent where you have previously given your consent to the processing of your personal information. To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
(ii) You have the right to learn if your personal information is being processed by us, obtain disclosure regarding certain aspects of the processing, and obtain a copy of your personal information undergoing processing.
(iii) You have the right to verify the accuracy of your information and ask for it to be updated or corrected. You also have the right to request us to complete the personal information you believe is incomplete.
(vii) You have the right to receive your personal information that you have provided to us in a structured, commonly used, and machine-readable format and, if technically feasible, to have it transmitted without any hindrance from us, provided that such transmission does not adversely affect the rights and freedoms of others.
(viii) You have the right to complain to a data protection authority about our collection and use of your personal information. If you are not satisfied with the outcome of your complaint directly with us, you have the right to lodge a complaint with your local data protection authority. We would, however, appreciate the chance to deal with your concerns before you approach your DPA, so please contact us in the first instance. To find your relevant data protection authority in the EEA and their contact details, please see the list at: https://edpb.europa.eu/about-edpb/about-edpb/members_en. To complain to the United Kingdom data protection authority, please follow this link: https://ico.org.uk/make-a-complaint/data-protection-complaints/data-protection-complaints/. For more information, please contact your local data protection authority in the EEA or the United Kingdom. This provision is applicable provided that your personal information is processed by automated means and that the processing is based on your consent, on a contract which you are part of, or on pre-contractual obligations thereof.
You may exercise these rights free of charge unless the request is unfounded, excessive, or otherwise unreasonable, for instance because it is repetitive. To exercise these rights, you may be asked to verify your identity and/or provide other details to help respond to your request. We may limit our response to the exercise of your rights, as permitted by law. For the exercise of your rights, please contact us using the contact information provided in the Questions and Contact Information section of the Privacy Policy; please note that if you contact us where we act as a data processor to our business customers, we may refer you to such customer to exercise your rights directly with them.
International Data Transfers
We may transfer and store your personal information to countries outside of the EEA and the UK. Where these transfers are to countries that have not been found by the European Commission or UK authority to provide adequate protection, such as the United States, Axcient takes necessary measures to ensure that your personal information receives an adequate level of protection (including, for example, adherence to the Data Privacy Framework as documented in the Axcient EU-U.S. Data Privacy Framework Policy, or, where those are not available or where Axcient has not certified its compliance, the standard contractual clauses). For further information about Axcient’s international data transfer practices, please contact us using the contact details in the Questions and Contact Information section of the Privacy Policy.
Identity of Controller
eFolder Inc dba Axcient, whose mailing address is 707 17th St STE 3900, Denver, USA, 80027, manages this website. Axcient acts as a data processor for our services as provided to our business customers. Our business customers act as the data controller for Customer Data and Customer Encrypted Data and you should contact them to exercise your rights.