Axcient EU-U.S. Data Privacy Framework Policy

This EU-U.S. Data Privacy Framework Policy (“Policy”) describes how Axcient (eFolder Inc dba Axcient) and its subsidiaries in the United States (who also operate under the “Axcient” brand, so “Axcient,” “we,” or “us”) collect, use, and disclose certain personally identifiable information (“Personal Data”) that we receive in the US from the European Union (“EU”) or the United Kingdom (UK). This Policy supplements our Axcient Privacy Policy located at https://axcient.com/privacy-policy, and unless specifically defined in this Policy, the terms in this Policy have the same meaning as the Axcient Privacy Policy.

Axcient complies with the EU-U.S. Data Privacy Framework, including the UK extension (“EU-U.S. DPF”), as set forth by the U.S. Department of Commerce. Axcient has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of Personal Data received from the European Union and UK in reliance on the EU-U.S. DPF.  If there is any conflict between the terms in this Policy and the EU-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

For purposes of enforcing compliance with the EU-U.S. DPF, Axcient is subject to the investigatory and enforcement authority of the US Federal Trade Commission.

Personal Data Collection and Use

Our Axcient Privacy Policy located at https://axcient.com/privacy-policy/ describes the categories of Personal Data that we may receive in the US as well as the purposes for which we use that Personal Data. Please note that we may receive the following categories of Personal Data in the US: personal contact data, customer data, records relating to the provision and use of our products and services, correspondence, device and browser data, and analytics data.

We may process Personal Data for the following purposes: to provide our website and services to you; to maintain, analyze, and improve your experience on our website and services; to communicate with you and provide customer and technical support; to monitor and enforce our contracts and legal terms; to detect and prevent fraud; and to fulfill the purpose for which you provided your information to us; and for other purposes as set forth in our Axcient Privacy Policy. Axcient will only process Personal Data in ways that are compatible with the purpose that Axcient collected it for, or for purposes the individual later authorizes.

Before we use your Personal Data for a purpose that is materially different than the purpose we collected it for or that you later authorized, we will (at a minimum) provide you with the opportunity to opt out. Axcient maintains reasonable procedures to help ensure that Personal Data is reliable for its intended use, accurate, complete, and current.

Data Transfers to Third Parties

Third-Party Agents or Service Providers. We may transfer Personal Data to our third-party agents or service providers who perform functions on our behalf as described in our Privacy Policy. We take reasonable and appropriate steps to ensure that third-party agents and service providers process Personal Data in accordance with our EU-U.S. DPF obligations and to stop and remediate any unauthorized processing.

Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of Personal Data that we transfer to them.

Disclosures for National Security or Law Enforcement. Under certain circumstances, Axcient may be required to disclose your Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Axcient may make additional disclosures as indicated in its Privacy Policy. In the context of an onward transfer of your personal information, Axcient remains responsible for the processing of personal information we receive under the DPF Principles and subsequently transfers to a third party acting as an agent on our behalf. As required by law, Axcient remains liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles, unless another party is responsible for the event giving rise to the damage.

Access Rights

Pursuant to the EU-U.S. DPF, EU and UK individuals have the right to obtain our confirmation of whether we maintain Personal Data relating to you in the United States. Upon request, we will provide you with access to the Personal Data that we hold about you. You may also correct, amend, or delete the Personal Data we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the EU-U.S. DPF, should direct their query to privacy@axcient.com. If requested to remove data, we will respond within a reasonable timeframe.

Please note that, in some cases, personal data is processed on behalf of our business Customers. To the extent that our business Customers control your personal data, the exercise of your rights may be coordinated directly with such business Customer.

We do not collect sensitive personal data on our own behalf. To the extent that our business Customers collect and control sensitive personal data (if any), we are committed to limiting our use and sharing of such data in accordance with law. We do not share such sensitive personal data third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. We will provide an individual opt-out choice before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To make a request to limit the use and disclosure of your Personal Data, please submit a written request to privacy@axcient.com. Axcient may limit its response to your exercise of rights as permitted by law.

Questions or Complaints

Axcient has further committed to refer unresolved privacy complaints under the DPF Principles to JAMS an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/DPF-Dispute-Resolution  for more information and to file a complaint. This service is provided free of charge to you.

Binding Arbitration. Under certain conditions, you may invoke binding arbitration for complaints regarding EU-U.S. DPF compliance not resolved by any of the other DPF mechanisms. To understand when such terms apply, please see Annex I of the DPF here: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.