Last Updated: 28 September, 2016
PART I. GENERAL INFORMATION
Our commitment to privacy
This policy covers the personal information that is collected via our websites datapipe.com, datapipe.net and their subdomains (the "Website") or through any other means, such as personal information that we process when we do business generally, or when you engage with us as a client or potential client in relation to the provision of any of our products or services (the "Services").
Introduction to Datapipe
Datapipe is a US-headquartered company which architects, deploys and manages hosting and other IT solutions for our clients. In practical terms, this means we at times act on behalf of our clients to work with third party vendors like Amazon Web Services and Microsoft to ensure that our clients have cloud solutions fit for their business purposes. We also provide a range of other services including our own data center services, systems management and IT security and compliance.
PART II. WHAT WE COLLECT AND HOW WE USE IT
Information you provide to us on the Website: In general, you can visit our publicly accessible websites without telling us who you are or revealing any information about yourself. However, you may give us personal information through our Website, for example, when you make enquiries about our Services or provide us with your contact information for the purpose of sending you white papers, signing up to our newsletter or obtaining a quote or arranging a consultation. Our clients are also able to provide us with updated billing information through our Website, if they wish to do so. When you communicate with us, we will keep copies of any communications that you send us.
We will also collect user account information (such as name, email addresses and telephone numbers) when you register an account with us. If you are an administrator or manager utilizing our Services and wish to set up accounts on behalf of other users (such as your employees), you must ensure you are fully authorized to do so, which means - for example - making sure that the individual concerned is aware of your use of their personal information, that you are lawfully entitled to disclose it to us and that they are informed of their rights in respect of that information. If you cannot ensure that such requirements are met, please do not provide us with the information.
Information we collect automatically through the website: We may also collect certain information through our Website by automated means, such as IP addresses, browser type and operating system, referring URLs, information about your visit including the URL clickstream to, through and from our Website, download errors, number of Website visits, and other page interactions. We collect this information automatically through the use of various technologies including through cookies. For further information about the cookies that we use on our website and how to exercise your cookie preferences, see our Cookies Policy.
Information which our clients provide to us. We also collect information which our clients and potential clients provide directly to us when conducting business with us. For example, we collect information when our clients (and their users) engage with Datapipe for us to provide or potentially provide Services. The types of information we may collect directly from our clients and their users may include names, usernames, email addresses, postal addresses, phone numbers, technical details of current and desired Services, policies and procedures, job titles, transactional information (including Services purchased), financial/billing information, as well as any contact or other information they choose to provide for us to undertake the Services. For example, such information will include any information that our clients instruct us to manage with respect to a third party cloud platform.
We may also collect personal information, such as your contact details, when you attend our events, take part in surveys or through other marketing interactions we may have with you.
Information we collect in the course of operating our business: We also collect information from our vendors, suppliers, consultants, professional advisers and other third parties for the purposes of managing and operating our business. For example, we will collect business contact information, financial information and other information necessary to engage our suppliers and other business partners and to evaluate their performance.
Information we may collect automatically when you use the Services. Usage information – we may keep track of user activity in relation to the types of Services our clients and their users use, the configuration of their computers, and performance metrics related to their use of the Services. Log information – we may log information about our clients and their users when you use one of the Services including Internet Protocol ("IP") address and Internet Service Provider ("ISP"). Information collected by cookies and other similar technologies – we use various technologies to collect information which may include saving cookies to users' computers. For further information about the cookies that we use on our Services and how to exercise your cookie preferences, see our Cookies Policy.
Use of information
We may use the information we collect as outlined above for the following purposes:
- Provide, operate, optimize and maintain the Website and Services;
- To deal with your online inquiries and requests, and to provide you with information, and access to resources that you have requested from us;
- Manage our Website and system administration and security;
- Improve the navigation and content of our Website;
- Process and complete transactions, and send related information, including transaction confirmations and invoices;
- Manage our clients' use of the Services, respond to inquiries and comments and provide client service and support;
- Analyze clients' use of the Services for trend monitoring, marketing and advertising purposes;
- Send clients technical alerts, updates, security notifications, and administrative communications;
- Investigate and prevent fraudulent activities, unauthorized access to the Services, and other illegal activities; and
- For other legitimate business purposes and any other purposes about which we notify clients and users.
When our clients engage us to provide the Services, we may process and store data, some of which may be personal information, on their behalf pursuant to our Services agreements with them ("Client Data"). For example, our clients may upload and store personal information on Datapipe hosted and/or managed solutions that we offer and provide to them. In such cases, we are acting as a data processor in respect of the Client Data and will process such data only on our client's behalf and strictly in accordance with their instructions. It is our clients, as the data controllers, who control the use of the account and what information is uploaded.
If you have any questions or concerns about how Client Data is handled, you should contact the relevant client directly or refer to their privacy policies.
Alternatively, if you are a client and want to find out more about the optional security controls that you have elected for your account, or other data protection provisions, you can refer to your Services agreement or other applicable contractual documents with Datapipe, or contact us for further information.
Sharing and disclosure of information to third parties
We may share and disclose information about our clients and their users in the following circumstances:
- Vendors, consultants and other third party service providers – we may share information with third party vendors, consultants and other service providers who require access to your information to assist in the provision of the Website and the Services. In particular, where clients have requested that we deploy cloud services with a third party infrastructure provider (for example, AWS or Microsoft Azure), we will disclose certain limited client information to that infrastructure provider to provide the services client has requested, or where our clients have elected to implement certain security measures on their account, we may engage security management service providers;
- Compliance with laws – we may disclose information to a third party where we are legally required to do so in order to comply with any applicable law, regulation, legal process or government request, including in response to public authorities to meet national security or law enforcement requirements;
- Vital interests and legal rights - we may also disclose information where we believe it necessary in order to protect the vital interests of any person, or exercise, establish or defend our legal rights; and
- Business transfers – we may share or transfer information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
PART III. INTERNATIONAL TRANSFERS AND SECURITY
Processing of information in the U.S. and elsewhere
In particular, please note that where clients have requested that we deploy cloud services with Datapipe or other infrastructure provider (for example, AWS or Microsoft Azure), that infrastructure provider may give you the option to choose the location or region in which you wish to host your data. In such circumstances, the client is solely responsible for deciding which location is adequate for the purposes of the data it wishes to host, taking into account the nature and the sensitivity of the data in question.
EU-US Privacy Shield
When processing personal information from the European Economic Area, Datapipe, Inc. and its US subsidiaries have certified our compliance with the EU-US Privacy Shield and we commit to adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfers, Security, Data Integrity & Purpose Limitation, Access, Recourse, Enforcement and Liability. To access the Privacy Shield List and to find details of our certification, please see https://www.privacyshield.gov/.
Datapipe, Inc. and its US subsidiaries are subject to the investigation and enforcement powers of the Federal Trade Commission.
If you believe your information has not been processed in accordance with the Privacy Shield Principles, you can make a complaint in the following ways:
(1) You can contact us directly at firstname.lastname@example.org or at the mailing address below and we will respond to your complaint within 45 days of receipt:
ATTN: Legal Department, Datapipe, Inc., 10 Exchange Place, Jersey City, NJ 07302, USA
(2) We have further committed to cooperate and comply with the panel of the European data protection authorities (DPAs) in the resolution of your Privacy Shield complaint. If you are unsatisfied with the response you have received from us, or your complaint remains unresolved, you can contact your local DPA (contact details available here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm) which will investigate your complaint free of charge.
Where appropriate, your local data protection authority may refer your complaint to the US Department of Commerce or the Federal Trade Commission for further investigation.
US-Swiss Safe Harbor
For transfers of personal information from Switzerland to the US, we have certified our compliance with the US-Swiss Safe Harbor framework and will apply the Safe Harbor Principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement when processing such data. Details of our certification can be found here: https://safeharbor.export.gov/companyinfo.aspx?loc=swiss&id=28397.
If you believe that your information has not been processed in compliance with our US-Swiss Safe Harbor commitments, you may raise your concern with the Federal Data Protection and Information Commissioner (for Swiss citizens), as well as at the contact details further below.
We use appropriate technical, organizational and administrative measures to help protect any information we process about our clients or their users. Please note that when a client instructs us to host data with a third party infrastructure provider, that provider will have its own technical, organizational and administrative measures to protect the data it processes. It is our clients' responsibility to assess the appropriateness of the security measures in place with any third party infrastructure provider before it instructs us to arrange hosting with that provider on its behalf.
In addition, we offer certain optional security protections that our clients may choose to deploy. These optional security protections are not provided by default and will not be implemented unless expressly agreed with our clients at the time they order Services from us. It is our clients' responsibility to assess the need for and appropriateness of these optional security protections, taking into account the nature and the sensitivity of their data.
Please note that no service is completely secure and so, while we endeavor to protect our clients' information using the measures described above, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will not occur although we shall at all times utilize commercially reasonable measures to protect your Data. Although we will do our best to protect your personal information, you should only access the Services within a secure environment. You should always ensure that your login credentials and password are kept safe at all times. You should notify us as soon as possible if you become aware of any misuse of your password or your account, and immediately change your password within the service.
PART IV. YOUR PRIVACY RIGHTS
Update and access to your information
If you are from certain territories (such as the EU or Switzerland), you may have the right to access your personal information, or to correct, amend and delete any personal information we hold about you if it is inaccurate or processed in violation of the Privacy Shield or Safe Harbor Principles. You can send an email to email@example.com, or call us on 201-792-1918 for this purpose. We will consider your request in accordance with the Privacy Shield and Swiss Safe Harbor Principles and any applicable laws. We may reject requests where, for example, the burden or expense of providing access to your information is disproportionate, or where your request violates the rights of third parties.
For any personal information that is stored or processed by us through the Services on our client's behalf (see "Client Data" section above), Datapipe is acting as a data processor. This means that if you wish to access, review, modify or delete any such personal information, you should direct your query to your client (the data controller). We will then help them to fulfil that request in accordance with their instructions and our Privacy Shield and other contractual commitments.
Unsubscribe from our mailing list
You may at any time ask us to remove you from any mailing list on which you previously asked us to include you by sending us an email at firstname.lastname@example.org, by calling us on 201-792-1918, or by clicking "Unsubscribe" in any e-mail communications we send you.
PART V. OTHER IMPORTANT INFORMATION
Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from such individuals. If you become aware that a child has provided us with information, please contact us at email@example.com. If we become aware that a child under the age of 18 has provided us with personal information, we will take steps to delete such information.
How to contact us
ATTN: Legal Department
10 Exchange Place,