Last Revised: September 1, 2023
Elastifile Ltd. and its subsidiaries (collectively “Elastifile”, “Company” “we” or “us”) respects the privacy of its users (“User” or “you”) in connection with their use of our website (“Site”), software products (the “Software”), and related services (the “Services”). We are committed to protect the Service Data that you share with us, and believe that you have a right to know our practices regarding information we may collect or access when you use or interact with our Services.
1. YOUR CONSENT
Please note: you are not obligated by law to provide us with any Service Data.
2. WHAT INFORMATION DO WE COLLECT FROM OUR USERS?
We may collect two types of data and information from our Users:
a.) Non-service data– Un-identified and non-identifiable information which may be made available to us, or collected automatically via your use of the Site, Services or Software. Non-service data does not enable us to identify the person from whom it was collected, and mainly consists of aggregated, statistical or otherwise any technical information and behavioral analysis which is not associated with any identified or identifiable individual. Such Non-service data may contain, among other things, aggregated information concerning users’ operation system and browsers, smart-phone and OS’s version, screen resolution, duration of usage of the Site or Services, click-stream, keyboard language, etc.
b.) Service Data– Individually identifiable information, namely information that identifies an individual or may with reasonable efforts or together with additional information we have access to, enable the identification of an individual, or may be of private or sensitive nature, such as:
- Contact details you provide us when you use our Services, including: name, company name, email address, phone number, country, etc.
- Billing information
- Content of customer support communications. When you request us to provide you with support we may at times require you to provide more detailed logs of your usage of our Software or Services in order to provide such support. Please note that these logs may contain the name of files you transmit and manage using our Software and Services.
- Information regarding your interaction with our Services, Software and our Site, including: Device ID or unique identifier, device type, unique device token, operating system, information regarding your clicks, views and engagement, logs and trace information regarding your use of our Services, information concerning your traffic to and from the Site, your referral URL, ad data, your IP address, your browsing history, your web log information, and your location information, including location information from your mobile device or as can be derived from your IP address.
For avoidance of doubt, any Non-Service Data connected or linked to any Service Data shall be deemed as Service Data as long as such connection or linkage exists.
TO THE EXTENT THAT YOU PROVIDE US ANY SERVICE DATA IN CONNECTION WITH ANY THIRD PARTY, INCLUDING ANY OF YOUR CUSTOMERS, EMPLOYEES OR END-USERS (COLLECTIVELY, “END USERS”) YOU ARE SOLELY RESPONSIBLE TO RECEIVE AND HEREBY REPRESENT AND UNDERTAKE TO HAVE RECEIVED THE CONSENT, AUTHORITY, PERMISSION AND APPROVAL OF SUCH PERSON AND PROVIDED THEM WITH SUFFICIENT DISCLOSURES, TO ALLOW THE USE OF SUCH SERVICE DATA, AND TO ALLOW ELASTIFILE TO ACCESS, STORE, COLLECT, ANALYZE AND PROCESS SUCH SERVICE DATA AS DETAILED HEREIN.
3. HOW DO WE COLLECT INFORMATION ON OUR USERS?
There are two main methods we use:
- We collect information through your use of the Site, Services and Software. In other words, when you are using the Site, Services or Software we are aware of it and may gather, collect and record the information relating to such usage, either independently or through the help of third-party services, as detailed below.
- We collect information which you provide us voluntarily. For example, we collect Service Data which you voluntarily provide when you open a User account or fill in a “Request a Demo” form.
4. WHY DO WE COLLECT INFORMATION ON OUR USERS?
- Your consent: We ask for your agreement to process your information for specific purposes and you have the right to withdraw your consent at any time.
- Providing the Site, Services and Software: We collect and process yourService Data in order to provide you with the Site, Services and Software, and to maintain and improve the Site, Services and Software.
2. Non-service data and Service Data is collected in order to:
- facilitate, operate, and provide our Site, Services and Software;
- verify the identity of our Users;
- further develop, customize and improve our Site, Services and Software and to provide you with any enhanced Site, Services and Software;
- provide our Users with ongoing customer assistance and technical support;
- be able to contact our visitors and Users with general and personalized service-related notices, surveys and promotional messages (as further detailed in Section 15 below);
- create aggregated statistical data and other aggregated and/or inferred Non-service data, which we may use to operate and improve our respective services;
- manage and assess risk, enhance our data security and fraud prevention capabilities, and help protect against error, fraud or any illegal or prohibited activity;
- act as permitted by, and to comply with, any legal or regulatory requirements; and
- comply with any applicable rule or regulation and/or respond to or defend against legal proceedings versus us or our affiliates.
5. WHERE DO WE STORE SERVICE DATA?
We maintain data centers around the world. Information regarding the Users will be maintained, processed and stored by us and our authorized affiliates and service providers in the United States, Europe and in Israel. Service Data may be processed on servers located outside of the country where our users and customers are located because Service Data is typically processed by centralized or regionalized operations like billing, support, and security.
Data protection laws vary among countries, with some providing more protection than others. Regardless of where Service Data is processed, we apply the same protections described in this Privacy Notice. We also comply with certain legal frameworks relating to the transfer of data, such as the frameworks described below..
- Adequacy decision
The European Commission has determined that certain countries outside of the European Economic Area (EEA) adequately protect personal data, which means that data can be transferred from the European Union (EU) and Norway, Liechtenstein, and Iceland to that third country without any further safeguard being necessary. The UK and Switzerland have approved similar adequacy decisions. We rely on the following adequacy decisions in some cases:
- Standard contract clauses
Standard contractual clauses (SCCs) are written commitments between parties that can be used as a ground for data transfers from the EU to third countries by providing appropriate data protection safeguards. SCCs have been approved by the European Commission and can’t be modified by the parties using them (you can see the SCCs adopted by the European Commission here, here, and here). Such clauses have also been approved for transfers of data to countries outside the UK and Switzerland. We rely on SCCs for our data transfers where required. If you want to obtain a copy of the SCCs, you can contact us via our contact email address below.
- Data Privacy Framework
As described in our parent company Google LLC’s Data Privacy Framework certification, we comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework ( collectively the “Data Privacy Framework” or “DPF”), as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information received in the U.S. from the European Union (including the European Economic Area), the United Kingdom, and Switzerland in reliance on the DPF. Google LLC and its wholly-owned U.S. subsidiaries (unless explicitly excluded), including Elastifile, has certified to the Department of Commerce that it adheres to the DPF Principles. Elastifile remains responsible for any of your personal information that is shared under the Accountability for Onward Transfer Principle with third parties for external processing on our behalf, as described in the “How We Share Data” section. To learn more about the DPF certification program, and to view our parent company Google LLC’s certification, please visit the Data Privacy Framework website.
If you have an inquiry or complaint regarding our privacy practices in relation to our DPF certification, we encourage you to contact us at email@example.com. Google is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). You may also refer a complaint to your local data protection authority and we will work with them to resolve your concern. In certain circumstances, the DPF provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Data Privacy Framework Principles.
6. NON-SERVICE DATA AND SERVICE DATA OF THIRD PARTIES
To the extent we process any Service Data on your behalf when performing the Services, you shall be deemed the data controller and we shall be deemed a data processor, and in any such case: (i) you will collect, use, transfer and otherwise process anyService Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments, including but not limited to the data protection laws and employment laws; (ii) you shall be responsible for providing appropriate information and obtaining any required consent from End Users, including notice and consent allowing it to own, control and transfer all Service Data that is provided by End Users; (iii) you will not provide or allow us access to any personal data relating to children below the age of 16 or any other “special categories of personal data” as defined under the EU General Data Protection Regulation (the “GDPR”) without our prior written approval; and (iv) you have provided such information and obtained such consent to any processing of Service Data in accordance with any and all applicable laws.
8. SHARING INFORMATION WITH THIRD PARTIES
We may share your Service Data with third parties (or otherwise allow them access to it) only in the following manners and instances:
- Third Party Services: Elastifile has partnered with a number of selected service providers, whose services and solutions complement, facilitate and enhance our own. These include hosting and server services, data and cyber security services, web analytics, e-mail distribution and monitoring services, and our business, legal and financial advisors (collectively, “Third Party Services”). Such Third Party Services may receive or otherwise have access to our Users’ Service Data, depending on each of their particular roles and purposes in facilitating and enhancing our Services and business, and may only use it for such purposes. Elastifile remains responsible and liable for any Service Data processing done by Third Party Services on its behalf, except for events outside of its reasonable control.
- Governmental/Law Enforcement Agencies and Legal Requests or Duties: We may disclose or otherwise allow access to your Service Data pursuant to a legal request, such as a subpoena, search warrant or court order, or in compliance with applicable laws, with or without notice to you, if we have a good faith belief that we are legally required to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, counter terrorist financing verification requirements, fraud, or other wrongdoing.
- Protecting Rights and Safety: We may share your Service Data with others, with or without notice to you, if we believe in good faith that this will help protect the rights, property or personal safety of Elastifile, any of our Users, or any member of the general public, as required or permitted by law.
For the avoidance of doubt, Elastifile may share your Service Data in additional manners, pursuant to your explicit consent, or if we are legally obligated to do so. Additionally, we may transfer, share or otherwise use Non-service data in our sole discretion and without the need for further approval.
9. DELETION, WITHDRAWAL OF CONSENT OR MODIFICATION OF SERVICE DATA
If the law applicable to you grants you such rights, you may ask to access, correct, or delete your Service Data that is stored in our systems or that we otherwise control. You may also ask for our confirmation as to whether or not we process your Service Data or ask to withdraw any consent you have previously provided to us in connection with our use and processing of your Service Data.
Subject to the limitations in law, you may request that we update, correct, or delete inaccurate or outdated information. You may also request that we suspend the use of any Service Data the accuracy of which you contest while we verify the status of that data.
Subject the limitations in law, you may also be entitled to obtain the Service Data you directly provided us (excluding data we obtained from other sources) in a structured, commonly used, and machine-readable format and may have the right to transmit such data to another party.
If you wish to exercise any of these rights or withdraw your consent, please contact us at: firstname.lastname@example.org. When handling these requests, we may ask for additional information to confirm your identity and your request. Please note, upon request to delete your Service Data, we may retain such data in whole or in part to comply with any applicable rule or regulation and/or response or defend against legal proceedings versus us or our affiliates, or as we are otherwise permitted under such law applicable to you.
To find out whether these rights apply to you and on any other privacy related matter, you can contact your local data protection authority if you have concerns regarding your rights under local law.
10. DATA RETENTION
We retain the Service Data we collect only for as long as needed in order to provide you with our services and to comply with applicable laws and regulations. We then either delete from our systems or anonymize it without further notice to you.
If you withdraw your consent to us processing your Service Data, we will delete your Service Datafrom our systems (except to the extent such data in whole or in part to comply with any applicable rule or regulation and/or response or defend against legal proceedings versus us or our affiliates).
To use the Site, Software and Services, you must be over the age of sixteen (16). Elastifile does not knowingly collect Service Data from children under the age of sixteen (16) and does not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that minors under the age of sixteen (16) are not using the Site, Software or Services.
Elastifile employs industry standard procedures and policies to ensure the safety of its Users’ Service Data, and prevent unauthorized use of any such information. Please note however, that regardless of the measures we take and the efforts we make, we cannot and we do not guarantee that unauthorized access will never occur.
13. THIRD PARTY SITES
14. SOFTWARE/SERVICE, COOKIES AND OTHER TRACKING TECHNOLOGY
We use certain monitoring and tracking technologies, including ones offered by Third Party Services. These technologies are used in order to maintain, provide and improve our Site on an ongoing basis, and in order to provide a better experience and more personalized offers, to our Users as well as to track and monitor our Users’ interaction with our offers, emails, Site, and advertisements. For example, these technologies enable us to (i) keep track of our Users’ preferences and authenticated sessions, (ii) secure our Software, Services and Site by detecting abnormal behaviors, (iii) identify technical issues and improve the overall performance of our Site, (iv) create and monitor analytics, and (v) deliver you targeted advertisements that are more tailored to you, based on your browsing activities and inferred interests.
- Cookies: A cookie is a small data file that is downloaded and stored on your computer or mobile device when you visit our Website. Learn more about cookies here: allaboutcookies.org
Learn more about your choices and how to opt-out of tracking technologies:
15. DIRECT MARKETING
Direct Marketing: You hereby agree that we may use your contact details for the purpose of informing you regarding our products and services which may interest you and commercial updates about Elastifile’s events and news appearances, and to send to you other marketing material, transmitted to the e-mail address you have provided. You may withdraw your consent via sending a written notice to Elastifile by email to the following address: email@example.com or by pressing the “Unsubscribe” button in the mail.
16. European Privacy Standards and GDPR
If European Union (EU), UK, or Swiss data protection law applies to the processing of information about you, you have certain rights, including the rights to access, correct, delete and export your information, as well as to object to or request that we restrict processing of your information.
For users based in the European Economic Area, UK, or Switzerland, the data controller responsible for Service Data is Elastifile, Inc. However, where our customer has entered into an agreement covering the ElastifileServices with a different Google affiliate, that affiliate may be processing Service Data in connection with billing for the Elastifile Services as a controller.
If you want to exercise your data protection rights with regard to information we process in accordance with this Privacy Notice and are not able to do so via the tools available to you or your organization’s administrator, you can always contact us at firstname.lastname@example.org. And you can contact your local data protection authority if you have concerns regarding your rights under local law.
In addition to the purposes and grounds described in this Privacy Notice, we may process information on the following legal grounds:
- Where necessary for the performance of a contract with you
We may process your information where necessary for us to enter into a contract with you or to comply with our contractual commitments to you.
- When we’re complying with legal obligations
We’ll process your information when we have a legal obligation to do so.
- When we’re pursuing legitimate interests
We may process Service Data based on our legitimate interests and those of third parties while applying appropriate safeguards that protect your privacy. This means that we process your information in the interests of providing the Elastifile Services you request; making recommendations to optimize use of the Elastifile Services; maintaining and improving the Elastifile Services; providing and improving other services you request; assisting you; and protecting against harm to the rights, property or safety of Elastifile, Google, our users, our customers, and the public, as required or permitted by law.
For the purposes of EEA data protection law, Elastifile has appointed Google Cloud EMEA Ltd. as its local representative in the EEA. Google Cloud EMEA Ltd is located at Gordon House, Barrow Street, Dublin 4, Ireland (Registered Number: 660412). For the purposes of UK data protection law, Elastifile has appointed Google UK Ltd. as its local representative in the UK. Google UK Limited is located at Belgrave House, 76 Buckingham Palace Road, London, SW1W 9TQ, UK(Registered Number: 03977902).
Additional information (Switzerland)
If Swiss data protection law applies to the processing of your Service Data, the following additional information is relevant.
Please see the section titled ‘Where Data is Stored’ (above) for information on where we and our affiliates process Service Data. We also disclose your Service Data to service providers, partners and other recipients (see the section titled ‘How We Share Data’) that are located or process information in any country in the world.
We comply with certain legal frameworks relating to the transfer of information as set out in the section titled ‘Standard contract clauses’ (above). We may also transfer your information to a third country based on an exception provided for by the Swiss Federal Data Protection Act.
An exception may apply in the event of legal proceedings abroad, in cases of overriding public interest or if the performance of a contract with you or in your interest requires disclosure, if you have consented, if the information has been made generally available by you and you have not objected to the processing, or the disclosure is necessary in order to protect the life or the physical integrity of you or a third party and we can't get consent within a reasonable period of time, or the information originates from a register provided for by Swiss law which is accessible to the public or to persons with a legitimate interest, provided that the legal conditions for the consultation of such
register has been met in the specific case.
17. U.S. State Privacy Law Requirements
Some U.S. state privacy laws require specific disclosures. These laws may include
- California Consumer Privacy Act (CCPA);
- Virginia Consumer Data Protection Act (VCDPA);
- Colorado Privacy Act (CPA);
- Connecticut Act Concerning Personal Data Privacy and Online Monitoring (CTDPA); and
- Utah Consumer Privacy Act (UCPA)
This Privacy Notice is designed to help you understand how Elastifile handles Service Data:
- We explain the categories of Service Data Elastifile collects and the sources of that Service Data in What Information.
- We explain the purposes for which how Elastifile collects and uses Service Data in Why Do We Collect Information on our Users above..
- We explain when Elastifile may disclose Service Data information in Sharing Information with Third Parties section. Elastifile does not sell your Service Data to any third parties. Elastifile also does not “share” your Service Data personal information as that term is defined in the California Consumer Privacy Act (CCPA).
- We explain how Elastifile retains Service Data in the Data Retention section. We maintain policies and technical measures to avoid re-identifying that information.
U.S. state privacy laws like the CCPA and VCDPA also provide the right to request information about how Elastifile collects, uses, and discloses Service Data. And they give you the right to access your Service Data, sometimes in a portable format; and correct Service Data; and to request that Elastifile delete that Service Data. They also provide the right to not be discriminated against for exercising these privacy rights.
If you have questions or requests related to your rights under the U.S. state privacy laws, you (or your authorized agent) can also contact us. And if you disagree with the decision on your request, you can ask Elastifile to reconsider it by responding to our email.
Some U.S. state privacy laws require a description of Service Data practices using specific categories. This table uses these categories to organize the information in this Privacy Notice.
18. Categories of Service Data we collect
Identifiers and similar information such as your username, name, phone number, address, and job titles, as well as unique identifiers tied to the browser, application, or device you’re using.
Demographic information, such as your preferred language and age.
Commercial information such as records of charges, payments, and billing details and issues.
Technical and operational details of your usage of Elastifile, such as information about your usage, operational status, software errors and crash reports, authentication details, quality and performance metrics, and other technical details necessary for us to operate and maintain Elastifile and related software. This includes device identifiers, identifiers from cookies or tokens, and IP addresses.
Audio, electronic, visual and similar information, such as audio recordings of your calls with our technical support providers.
Inferences drawn from the above, like aggregated performance metrics for a new product feature to determine product strategy.
Business purposes for which Service Data may be used or disclosed
Protecting against security threats, abuse, and illegal activity. Elastifile uses and may disclose Service Data to detect, prevent and respond to fraud, abuse, security risks, and for protecting against other malicious, deceptive, fraudulent, or illegal activity. For example, to protect our services, Elastifile may receive or disclose information about IP addresses that malicious actors have compromised.
Auditing and measurement. Elastifile uses Service Data for analytics and measurement to understand how our services are used, and to provide you and our customers with recommendations and tips. We may disclose non-personally identifiable information publicly and with partners, including for auditing purposes.
Maintaining our services. Elastifile uses Service Data to provide Cloud Services and related technical support, and other services you request, and ensure they are working as intended, such as tracking outages or troubleshooting bugs and other issues that you report to us.
Product development. Elastifile uses Service Data to improve Cloud Services and other services you request, and to develop new products, features and technologies that benefit our users and customers.
Use of service providers. Elastifile shares Service Data with service providers to perform services on our behalf, in compliance with this Privacy Notice and other appropriate confidentiality and security measures. For example, we may rely on service providers to help provide technical support.
Legal reasons. Elastifile also uses Service Data to satisfy applicable laws or regulations, and discloses information in response to legal process or enforceable government requests, including to law enforcement. We provide information about the number and type of requests we receive from governments in our Transparency Report.
20. HAVE ANY QUESTIONS?
1600 Amphitheatre Parkway
Mountain View, CA 94043
and we will make an effort to reply within a reasonable timeframe.
Individuals from the EU may contact our EU representative according to Art. 27 GDPR regarding all requests related to data protection and privacy:
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, Ireland
Individuals from the UK may contact our UK representative according to Art. 27 UK GDPR regarding all requests related to data protection and privacy:
Google UK Limited
Belgrave House, 76 Buckingham Palace Road
London, SW1W 9TQ, UK