Elastifile Privacy Policy

Last Revised: February 3, 2021

Elastifile Ltd. and its subsidiaries (collectively "Elastifile", "Company" "we" or "us") respects the privacy of its users ("User" or "you") in connection with their use of our website ("Site"), software products (the "Software"), and related services (the "Services"). We are committed to protect the personal information that you share with us, and believe that you have a right to know our practices regarding information we may collect or access when you use or interact with our Services.

Capitalized terms which are not defined herein, shall have the meaning ascribed to them in our Website Terms of Use at https://www.elastifile.com/terms-of-use and your Terms of Service, which this Privacy Policy is incorporated into by reference. You hereby acknowledge and agree that you are providing us with Personal Information at your own free will. You hereby agree that we may collect and use such Personal Information pursuant to this Privacy Policy and any applicable laws and regulations.

1. YOUR CONSENT

BY ACCESSING AND/OR USING THE SITE, SERVICES OR SOFTWARE, YOU AGREE TO THE TERMS AND CONDITIONS SET FORTH IN THIS PRIVACY POLICY (THE "PRIVACY POLICY"), INCLUDING TO THE COLLECTION AND PROCESSING OF YOUR PERSONAL INFORMATION (AS DEFINED BELOW). IF YOU DISAGREE WITH ANY TERM PROVIDED HEREIN, YOU MAY NOT USE THE SITE, THE SERVICES OR THE SOFTWARE.

Please note: you are not obligated by law to provide us with any Personal Information.

2. WHAT INFORMATION DO WE COLLECT FROM OUR USERS?

We may collect two types of data and information from our Users:

1. Non-personal Information– Un-identified and non-identifiable information which may be made available to us, or collected automatically via your use of the Site, Services or Software. Non-personal Information does not enable us to identify the person from whom it was collected, and mainly consists of aggregated, statistical or otherwise any technical information and behavioral analysis which is not associated with any identified or identifiable individual. Such Non-personal Information may contain, among other things, aggregated information concerning users' operation system and browsers, smart-phone and OS's version, screen resolution, duration of usage of the Site or Services, click-stream, keyboard language, etc.

2. Personal Information– Individually identifiable information, namely information that identifies an individual or may with reasonable efforts or together with additional information we have access to, enable the identification of an individual, or may be of private or sensitive nature, such as:

• Contact details you provide us when you use our Services, including: name, company name, email address, phone number, country, etc.
• Billing information
• Content of customer support communications. When you request us to provide you with support we may at times require you to provide more detailed logs of your usage of our Software or Services in order to provide such support. Please note that these logs may contain the name of files you transmit and manage using our Software and Services.
• Information regarding your interaction with our Services, Software and our Site, including: Device ID or unique identifier, device type, unique device token, operating system, information regarding your clicks, views and engagement, logs and trace information regarding your use of our Services, information concerning your traffic to and from the Site, your referral URL, ad data, your IP address, your browsing history, your web log information, and your location information, including location information from your mobile device or as can be derived from your IP address.
• We use cookies, web beacons, unique identifiers, and similar technologies which allow us to collect information about the pages and screens you view, the links you click, and other actions you take when using or accessing our Site, all as further detailed in our Cookie Policy.

For avoidance of doubt, any Non-Personal Information connected or linked to any Personal Information shall be deemed as Personal Information as long as such connection or linkage exists.

TO THE EXTENT THAT YOU PROVIDE US ANY PERSONAL INFORMATION IN CONNECTION WITH ANY THIRD PARTY, INCLUDING ANY OF YOUR CUSTOMERS, EMPLOYEES OR END-USERS (COLLECTIVELY, "END USERS") YOU ARE SOLELY RESPONSIBLE TO RECEIVE AND HEREBY REPRESENT AND UNDERTAKE TO HAVE RECEIVED THE CONSENT, AUTHORITY, PERMISSION AND APPROVAL OF SUCH PERSON AND PROVIDED THEM WITH SUFFICIENT DISCLOSURES, TO ALLOW THE USE OF SUCH PERSONAL INFORMATION, AND TO ALLOW ELASTIFILE TO ACCESS, STORE, COLLECT, ANALYZE AND PROCESS SUCH PERSONAL INFORMATION AS DETAILED HEREIN.

3. HOW DO WE COLLECT INFORMATION ON OUR USERS?

There are two main methods we use:

1. We collect information through your use of the Site, Services and Software. In other words, when you are using the Site, Services or Software we are aware of it and may gather, collect and record the information relating to such usage, either independently or through the help of third-party services, as detailed below.
2. We collect information which you provide us voluntarily. For example, we collect Personal Information which you voluntarily provide when you open a User account or fill in a "Request a Demo" form.

4. WHY DO WE COLLECT INFORMATION ON OUR USERS?

1. Legal basis for collecting and processing of Personal Information. We collect, process and use your information for the purposes described in this Privacy Policy, based at least on one of the following legal grounds:

• Your consent: We ask for your agreement to process your information for specific purposes and you have the right to withdraw your consent at any time.
• Providing the Site, Services and Software: We collect and process your Personal Information in order to provide you with the Site, Services and Software, and to maintain and improve the Site, Services and Software.
• Legitimate interests: We process your information for our legitimate interests while applying appropriate safeguards that protect your privacy. This means that we process your information for things like detecting, preventing, or otherwise addressing fraud, abuse, security, usability, functionality or technical issues with our Site, Services or Software, protecting against harm to the rights, property or safety of our properties, or our users, or the public as required or permitted by law; Enforcing legal claims, including investigation of potential violations of this Privacy Policy; in order to comply and/or fulfil our obligation under applicable laws, regulation, guidelines, industry standards and contractual requirements, legal process, subpoena or governmental request, as well as our Terms of Service and Website Terms of Use, and our billing process.

2. Non-personal Information and Personal Information is collected in order to:

• facilitate, operate, and provide our Site, Services and Software;
• verify the identity of our Users;
• further develop, customize and improve our Site, Services and Software and to provide you with any enhanced Site, Services and Software;
• provide our Users with ongoing customer assistance and technical support;
• be able to contact our visitors and Users with general and personalized service-related notices, surveys and promotional messages (as further detailed in Section 15 below);
• create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which we may use to operate and improve our respective services;
• manage and assess risk, enhance our data security and fraud prevention capabilities, and help protect against error, fraud or any illegal or prohibited activity;
• act as permitted by, and to comply with, any legal or regulatory requirements; and
• comply with any applicable rule or regulation and/or respond to or defend against legal proceedings versus us or our affiliates.

5. WHERE DO WE STORE PERSONAL INFORMATION?

Information regarding the Users will be maintained, processed and stored by us and our authorized affiliates and service providers in the United States, Europe and in Israel.

While the data protection laws in the above jurisdictions may be different than the laws of your residence or location, please know that we, our affiliates and service providers that store or process your Personal Information on our behalf are each committed to keep it protected and secured, pursuant to this Privacy Policy and industry standards, regardless of any lesser legal requirements that may apply in their jurisdiction.

The European Commission has approved the use of model contract clauses as a means of ensuring adequate protection when transferring Personal Information outside of the EEA. By incorporating model contract clauses into a contract established between the parties transferring Personal Information, such Personal Information is considered protected when transferred outside the EEA or the UK to countries which are not covered by an adequacy decision. Where applicable, we rely on these model contract clauses for such Personal Information transfers.

Additionally, as described in our Privacy Shield certification, we comply with the EU-U.S. and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries and Switzerland, respectively, pursuant to our Privacy Shield certification. Elastifile remains responsible for any of your personal information that is shared under the Onward Transfer Principle with third parties for external processing on our behalf. To learn more about the Privacy Shield program, and to view Google's certification (which includes Elastifile), please visit the Privacy Shield website.

If you have an inquiry regarding our privacy practices in relation to our Privacy Shield certification, we encourage you to contact us in accordance with Section 18 below. Elastifile is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC). You may also refer a complaint to your local data protection authority and we will work with them to resolve your concern. In certain circumstances, the Privacy Shield Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles.

As of July 16, 2020, we no longer rely on the EU-U.S. Privacy Shield to transfer Personal Information that originated in the EEA or the UK to the U.S.

6. NON-PERSONAL AND PERSONAL INFORMATION OF THIRD PARTIES

To the extent we process any Personal Information on your behalf when performing the Services, you shall be deemed the data controller and we shall be deemed a data processor, and in any such case: (i) you will collect, use, transfer and otherwise process any Personal Information in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments, including but not limited to the data protection laws and employment laws; (ii) you shall be responsible for providing appropriate information and obtaining any required consent from End Users, including notice and consent allowing it to own, control and transfer all Personal Information that is provided by End Users; (iii) you will not provide or allow us access to any personal data relating to children below the age of 16 or any other "special categories of personal data" as defined under the EU General Data Protection Regulation (the "GDPR") without our prior written approval; and (iv) you have provided such information and obtained such consent to any processing of Personal Information in accordance with any and all applicable laws.

7. RESERVED

8. SHARING INFORMATION WITH THIRD PARTIES

We may share your Personal Information with third parties (or otherwise allow them access to it) only in the following manners and instances:

1. Third Party Services: Elastifile has partnered with a number of selected service providers, whose services and solutions complement, facilitate and enhance our own. These include hosting and server services, data and cyber security services, web analytics, e-mail distribution and monitoring services, and our business, legal and financial advisors (collectively, "Third Party Services"). Such Third Party Services may receive or otherwise have access to our Users' Personal Information, depending on each of their particular roles and purposes in facilitating and enhancing our Services and business, and may only use it for such purposes. Elastifile remains responsible and liable for any Personal Information processing done by Third Party Services on its behalf, except for events outside of its reasonable control.
2. Governmental/Law Enforcement Agencies and Legal Requests or Duties: We may disclose or otherwise allow access to your Personal Information pursuant to a legal request, such as a subpoena, search warrant or court order, or in compliance with applicable laws, with or without notice to you, if we have a good faith belief that we are legally required to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, counter terrorist financing verification requirements, fraud, or other wrongdoing.
3. Protecting Rights and Safety: We may share your Personal Information with others, with or without notice to you, if we believe in good faith that this will help protect the rights, property or personal safety of Elastifile, any of our Users, or any member of the general public, as required or permitted by law.
4. Elastifile Subsidiaries and Affiliated Companies: We may share Personal Information internally within our family of companies, for the purposes described in this Privacy Policy and in accordance with Section 5 above. In addition, should Elastifile or any of its affiliates undergo any change in control, including by means of merger, acquisition or purchase of substantially all of its assets, your Personal Information may be shared with the parties involved in such event. If we believe that such change in control might materially affect your Personal Information then stored with us, we will notify you of this event and the choices you may have you via e-mail and/or prominent notice on our Site, Services or Software.

For the avoidance of doubt, Elastifile may share your Personal Information in additional manners, pursuant to your explicit consent, or if we are legally obligated to do so. Additionally, we may transfer, share or otherwise use Non-personal Information in our sole discretion and without the need for further approval.

9. DELETION, WITHDRAWAL OF CONSENT OR MODIFICATION OF PERSONAL INFORMATION

If the law applicable to you grants you such rights, you may ask to access, correct, or delete your Personal Information that is stored in our systems or that we otherwise control. You may also ask for our confirmation as to whether or not we process your Personal Information or ask to withdraw any consent you have previously provided to us in connection with our use and processing of your Personal Information.

Subject to the limitations in law, you may request that we update, correct, or delete inaccurate or outdated information. You may also request that we suspend the use of any Personal Information the accuracy of which you contest while we verify the status of that data.

Subject the limitations in law, you may also be entitled to obtain the Personal Information you directly provided us (excluding data we obtained from other sources) in a structured, commonly used, and machine-readable format and may have the right to transmit such data to another party.

If you wish to exercise any of these rights or withdraw your consent, please contact us at: privacy@elastifile.com. When handling these requests, we may ask for additional information to confirm your identity and your request. Please note, upon request to delete your Personal Information, we may retain such data in whole or in part to comply with any applicable rule or regulation and/or response or defend against legal proceedings versus us or our affiliates, or as we are otherwise permitted under such law applicable to you.

To find out whether these rights apply to you and on any other privacy related matter, you can contact your local data protection authority if you have concerns regarding your rights under local law.

10. DATA RETENTION

We retain the Personal Information we collect only for as long as needed in order to provide you with our services and to comply with applicable laws and regulations. We then either delete from our systems or anonymize it without further notice to you.

If you withdraw your consent to us processing your Personal Information, we will delete your Personal Information from our systems (except to the extent such data in whole or in part to comply with any applicable rule or regulation and/or response or defend against legal proceedings versus us or our affiliates).

11. MINORS

To use the Site, Software and Services, you must be over the age of sixteen (16). Elastifile does not knowingly collect Personal Information from children under the age of sixteen (16) and does not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that minors under the age of sixteen (16) are not using the Site, Software or Services.

12. SECURITY

Elastifile employs industry standard procedures and policies to ensure the safety of its Users' Personal Information, and prevent unauthorized use of any such information. Please note however, that regardless of the measures we take and the efforts we make, we cannot and we do not guarantee that unauthorized access will never occur.

13. THIRD PARTY SITES

While using the Site you may encounter links to third party websites. Please be advised that such third party websites are independent sites, and we assume no responsibility or liability whatsoever with regard to privacy matters or any other legal matter with respect to such sites. We encourage you to carefully read the privacy policies and the terms of use or service of such websites.

14. SOFTWARE/SERVICE, COOKIES AND OTHER TRACKING TECHNOLOGY

We use certain monitoring and tracking technologies, including ones offered by Third Party Services. These technologies are used in order to maintain, provide and improve our Site on an ongoing basis, and in order to provide a better experience and more personalized offers, to our Users as well as to track and monitor our Users' interaction with our offers, emails, Site, and advertisements. For example, these technologies enable us to (i) keep track of our Users' preferences and authenticated sessions, (ii) secure our Software, Services and Site by detecting abnormal behaviors, (iii) identify technical issues and improve the overall performance of our Site, (iv) create and monitor analytics, and (v) deliver you targeted advertisements that are more tailored to you, based on your browsing activities and inferred interests.

Cookies: A cookie is a small data file that is downloaded and stored on your computer or mobile device when you visit our Website. Learn more about cookies here: allaboutcookies.org

Pixel Tags: Pixel tags (also commonly known as web beacons) are transparent images, iFrames, or JavaScript placed on our Website or our advertisements and emails, that our third party service providers use to understand how the Website, such advertisements and emails are interacted with.

To learn more about our use of Cookies and other tracking technology that we use please see our Cookie Policy.

Some of these tracking technologies are provided to us by our Third Party Services Providers who collect and process personal information on our behalf. These Third Party Services Providers may have direct contractual relationship with you (such as Google and Facebook). Additionally the services provided to us by such Third Party Services Providers may entail collection and processing of personal information by such Third Party Services Providers, in a scope which is broader than the scope of personal information we are eventually provided with by such Third Party Services Providers. This means that sometimes these Third Party Services Providers have more access to your personal information than we do. For example, our payment gateway service provider has access to your financial information under strict terms, while we do not receive such access at all in order to better protect your rights. To the extent you have direct contractual relationship with any of our Third Party Services Providers, any rights you may have with respect to your information, collected by such Third Party Services Providers, shall be governed by such contractual relationship. Otherwise the terms of this Privacy Policy shall fully apply.

Learn more about your choices and how to opt-out of tracking technologies:

In order to delete or block any tracking technologies, please refer to the "Help" area on your internet browser for further instructions, or learn more by visiting our Cookie Policy. You may also opt out of third party tracking technologies by following the instructions provided by each third party service provider in its privacy policy listed above or by visiting www.youronlinechoices.eu, http://optout.networkadvertising.org/?c=1#!/ or http://www.aboutads.info/choices/. Please note however that deleting any of our tracking technologies or disabling future tracking technologies may prevent you from accessing certain areas or features of our Website, or may otherwise adversely affect your user experience. Please also note that we do not respond to the ‘Do Not Track’ setting on your browser.

15. DIRECT MARKETING

Direct Marketing: You hereby agree that we may use your contact details for the purpose of informing you regarding our products and services which may interest you and commercial updates about Elastifile's events and news appearances, and to send to you other marketing material, transmitted to the e-mail address you have provided. You may withdraw your consent via sending a written notice to Elastifile by email to the following address: privacy@elastifile.com or by pressing the "Unsubscribe" button in the mail.

16. CALIFORNIA REQUIREMENTS

If the California Consumer Privacy Act (CCPA) applies to your information, we provide these disclosures so you can exercise your rights to receive information about our data practices, as well as to request access to and deletion of your information.

Elastifile does not sell your personal information. We only share your information as described in this Privacy Policy. Elastifile processes your information for the purposes described in this Privacy Policy, which include "business purposes" under the CCPA. These purposes are enumerated in this Privacy Policy.

If you have additional questions or requests related to your rights under the CCPA, see Section 18 below.

17. CHANGES TO THE PRIVACY POLICY

The terms of this Privacy Policy will govern the use of the Site, Services, and Software and any information collected therein. Elastifile reserves the right to change this policy at any time, so please re-visit this page frequently. We will provide notice of substantial changes of this policy on the homepage of the Site and/or we will send you an e-mail regarding such changes to the e-mail address that you may have provided us with. Such substantial changes will take effect seven (7) days after such notice was provided on our Site or sent by email. Otherwise, all other changes to this Privacy Policy are effective as of the stated "Last Revised" date and your continued use of the Site after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes.

18. HAVE ANY QUESTIONS?

If you have any questions (or comments) concerning this Privacy Policy, you are welcome to send us an email at: privacy@elastifile.com or at:
Google LLC
1600 Amphitheatre Parkway
Mountain View, CA 94043
United States
and we will make an effort to reply within a reasonable timeframe.

Individuals from the EU may contact our EU representative according to Art. 27 GDPR regarding all requests related to data protection and privacy:
Google Cloud EMEA Ltd.
Gordon House, Barrow Street
Dublin 4, Ireland

Individuals from the UK may contact our UK representative according to Art. 27 UK GDPR regarding all requests related to data protection and privacy:
Google UK Limited
Belgrave House, 76 Buckingham Palace Road
London, SW1W 9TQ, UK