Privacy | Nasuni



Nasuni Corporation Privacy Policy

Last Updated: February 22, 2018

The Nasuni website at (including other sites under the domain that link to this Policy) (the “Website”) is provided by the Nasuni Corporation (“Nasuni”, “we”, “our” or “us”). We are a corporation established in the state of Delaware in the United States of America with a registered office and primary business location at One Marina Park Drive, Boston, Massachusetts 02210, USA. Our representative in the EU is Nasuni UK Ltd (Reg. No. 09761095) with a registered office at 2 Minton Place, Victoria Road, Bicester, Oxfordshire, OX26 6QB, UK and a primary business location at Office 02B106, 2 Eastbourne Terrace, 2nd Floor, London, W2 6LG, UK.

Our Website adheres to the US-EU Privacy Shield Framework set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union (EU) to the U.S.   You can view our “Privacy Shield Policy” at learn more about the Privacy Shield program, and to view our certification, please visit

If you have questions or complaints about this Privacy Policy or associated practices, please contact us at If you have an unresolved privacy or data use concerns that we have not addressed to your satisfaction, you may contact our U.S. based third-party dispute resolution provider (free of charge) at

The following policy sets out how we deal with your personal data. For the purpose of EU data protection laws, we are the data controller of the data set out in this Section 1, and we are data processor of data from our customers as set out in Section 2 below. Please read the following carefully to understand our practices regarding your personal information and how we will treat it.

Section 1: Where we are data controller

The types of personal information we use
We collect and use the following information about you:

  • Information you give us.You give us information about yourself when you use our Website or when you correspond with us by phone, email or otherwise. When you use our Website to request additional information about our services, download a document, register for an event, schedule a demo or briefing, or post a comment or provide feedback on our Website, we require you to provide us with your personal contact information, such as your name, company name, job title, email address, phone number and the country in which you are located.  When you apply for a job on our Website, we require you to provide additional personal information such as your mailing address, personal email address, mobile phone number and salary expectations, as well as a resume or curriculum vitae. When you log into our support portal through the Website, we require you to provide your email address and password.  Our Website enables you to post responses to our blog posts which may contain additional personal information that you choose to include.
  • Information we collect about you. When you navigate the Website, we automatically collect, through the use of Cookies (as defined below) and similar information gathering tools, your IP address, browser type and information regarding your use of the Website such as a log of your visits to the Website, your browsing activity, your page views and downloads, and the URLs of the sites you came from and that you went to after leaving the Website.
  • Location data. We collect information about your location (i) from derivations made from the IP address from which you connect, and/or (ii) if you consent to the sharing of location data with our Website on your mobile operating system, from the Global Positioning System (GPS) of your device when the Website is running in the foreground or background. If you do not wish to share your GPS location with us, you can switch off the GPS functionality on your device.  If you otherwise wish to withdraw your consent to our use of location data, you can do so by contacting
  • Information received from other sources.  The Website may link to other websites operated by third parties (“Third Party Websites”) such as when you click on links to access the full news articles or promotional articles published by publicly-available media sources. You may have the ability to provide information such as your name, email address, company name, location, and phone number, on such Third Party Websites, when you request more information, register for a trade show or event or perform other activities on these Third Party Websites. Third Party Websites may share with us your personal and/or business contact information, such as your name, email address, company name, job title, phone number, as well as your browsing activity, for our marketing and promotional purposes. You may also provide your information to our resellers and channel partners, who provide such information to us for our joint marketing purposes. In addition, we collect information from publicly accessible sites such as business directories and social media sites. We do not control, and are not responsible for, the content or practices of Third Party Websites. This Privacy Policy does not apply to Third Party Websites, which are subject to their own privacy policies. For a list of third party sources, please click here.

We use cookies and other similar technologies (such as web beacons) (“Cookies”) to enhance your experience using the Website. “Cookies” are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, and to deliver a better and more personalized service. Nasuni and its marketing partners or suppliers may use Cookies when you interact with our Website or use our online products. We use Cookies to track your visits to the Website and what links you click on, as well as to track your page views, so that we can understand what content is of interest to you and present you with a better browsing experience.  We also use Cookies to track and deduplicate information you provide when you submit a form to us, to test whether you have cookies enabled, and to remember you if you visited the Website previously so that we know not to ask you again to accept cookies.

Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie consists of a text file sent by a web server to a web browser, which will be stored by the browser and will remain valid until its set expiry date (unless deleted by the user before the expiry date). A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

We use the following Cookies:

  • Strictly necessary Cookies.These are Cookies that are required for the operation of the Website. They include, for example, Cookies that enable you to log into secure areas of the Website.
  • Analytical/performance Cookies.They allow us to recognize and count the number of visitors and to see how visitors move around the Website when they are using it. This helps us to improve the way the Website works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality Cookies.These are used to recognize you when you return to the Website. This enables us to personalize our content for you (such as to prefill forms if you have filled out on our Website in the past).
  • Targeting Cookies.These Cookies record your visit to the Website, the pages you have visited and the links you have followed. We use this information to help make our marketing activities more relevant for you. We may also share this information with third parties for this purpose.

You can find more information about Cookies and how to manage them at or  If for any reason you wish to not take advantage of Cookies, you may disable Cookies by changing the settings on your browser or by not accepting Cookies when you access the Website.

How we use your personal information
We will use the information in the following ways:

  • As it is important for us to be responsive to you and to ensure the proper functioning of our Website and proper delivery of our services, we believe it is in our legitimate interests to use information you give us and information we collect about you to:
    • perform the services you requested, such as providing you with more information about our products and services, scheduling a demo or enrolling you in a webinar;
    • plan and host company events, online forums and social networking activities, such as our user conference or webinars about our products and services or the products and services of our partners;
    • notify you about changes to our products or services, deliver our products and services to you, invoice you for the products and services you order, further develop our products and services, and provide you with customer and/or technical support for our products and services;
    • support our intent to maintain and improve the performance and security of our Website and our services and improve and administer our services for our internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
    • comply with legal requirements and enforce the terms and conditions of our agreements, including the investigation of potential violations;
    • assist you with problems using our Website, measure and understand the effectiveness of the content we serve to you and others and present our Website content in a more effective manner for you and for your computer or device;
    • enable you to apply for a job with us.
  • With your consent, or where we are able to under the applicable law, we may use your personal information to inform you about product upgrades, special offers or other products, services and information (including from third parties); conduct market research; or ask you to complete surveys or evaluations. If you wish to withdraw your consent to such marketing, you can do so by using the unsubscribe function in any email we address to you or by emailing
  • With your consent, or where we are able to under the applicable law, we may process your location data to enable us to identify you by IP address so that we may deliver a more targeted Website experience, or to enable us to comply with applicable laws. If you wish to withdraw your consent to us using location data, you can do so by emailing
  • We also use your information aggregated with the information of our other Website visitors in order to analyze and administer our Website and services. This information may include your IP address, your browser type, the pages that you viewed, the dates and times that you visited and the URL of the website you came from and the website you went to after you left our site.  We believe we have a legitimate interest in using this information to help us analyze overall trends, such as what countries our Website visitors are from or what web pages are of the most interest to our Website visitors, so that we can offer our Website visitors a more reliable and effective Website.

How we share your personal information
We share your personal information with the following selected third parties:

  • our subsidiary company in the UK, Nasuni UK Ltd, which stores your personal data in the U.S., the UK and the EU, for the purposes of providing customer support, marketing, account management, technical and professional services, and of otherwise operating our business;
  • our sales and supply chain participants, such as our integrators and order fulfilment providers throughout the world, which store your personal data in the U.S., Canada, EU, UK, Australia and other countries to deliver our products to you in those countries;
  • our consultants and independent contractors located in the U.S., the UK and the EU, which access your personal information from each of these locations, to provide implementation and other professional services, or customer and technical support, on our behalf to you, if you are a user of our services;
  • our website hosting and operating suppliers located in the U.S., which store your personal data in the U.S. and other countries, to enable us to operate our Website and deliver web content to you and who enable you to conduct certain activities on our Website, such download a document;
  • our analytics and search engine providers, located in the U.S. and other countries, which store your personal data in the U.S., the EU and other countries, to assist us in the improvement and optimization of the Website;
  • our cloud service providers located in the U.S., who store your personal data in the U.S., EU, UK and other countries, who provide us with sales and marketing automation services based upon information we obtain from our Website so that we can market to you; who provide us with customer service and relationship management services so that we can serve you as a customer and comply with our contract with you; or who provide channel relationship management services so that we can market and sell to you through our sales channel;
  • our cloud storage providers in the U.S., UK and EU, which store your personal data in the U.S., UK, EU and other countries, for the purposes of storing, managing and protecting information that we collect from our customers and our Website visitors;
  • our marketing partners located in the U.S., UK and EU, which store your personal data in the U.S., UK, EU and other countries, with whom we may jointly offer products, services and programs (such as newsletters or web content), if you purchase, specifically express an interest in, or register for such jointly offered products, services and programs; such marketing partners use the information we provide in accordance with their own privacy policies; and
  • provided you have consented, advertisers and advertising networks located in the U.S., which store your personal data in the U.S. and other countries, that require the data to select and serve relevant advertisements to you and others.

For more information about third parties with whom we elect to share personal information, please click here.

We may share your personal information with law enforcement agencies, public authorities or other organisations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:

  • comply with a legal obligation, process or request (including responding to any requests from law enforcement authorities outside the European Economic Area (“EEA”));
  • enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
  • detect, prevent or otherwise address security, fraud or technical issues; or
  • protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law.

We may also disclose your information to third parties:

  • in the event that we sell or buy any business or assets, in which case we may disclose your data to the prospective seller or buyer of such business or assets; or
  • if we sell, buy, merge or partner with other companies or businesses, or sell some or all of our assets. In such transactions, user information may be among the transferred assets.

Where we store your personal information
The information that we collect from you is stored on servers in various locations, primarily in the U.S.  We may transfer personal information about you outside the country in which you are located to such locations, including the UK and EU, where we have business operations. Your personal data is also processed by employees or agents operating outside the EEA who work for us or for one of our suppliers or business partners. Such employees or agents are engaged in, among other things, the hosting of our Website, the storage of information about our Website users and their Website activities, the fulfilment of your orders, the provision of information to you that you may request from us, and the provision of support services.  Recipients outside the EU or U.S. to whom we transfer the personal information of UK or EU residents for storing or processing must comply with the standard contractual clauses for the transfer and processing of personal data as set out in European Commission Decision 2004/915/EC or another mechanism permitted by the applicable EU data protection laws for transfers and processing. By submitting your personal data, you agree to this transfer, storing or processing.

Privacy Shield
To enable transfer of personal data to the US from the EEA, Nasuni complies with the US Department of Commerce’s EU-US Privacy Shield and has certified that we adhere to the EU-US Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. For more information about the EU-US Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield website.

The security of your personal information
Nasuni has implemented industry-standard measures to protect the security of the personal information we collect via the Website. For example, we use (SSL – Secure Socket Layers), cloud-based firewalls and a digital certificate to protect your personal information. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential.  We ask you not to share a password with anyone. No one can guarantee, and we do not guarantee, that your personal information is completely secure at all times. You are also responsible for maintaining the confidentiality of your personal information to protect it against unauthorized access or use.

Our Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.  Please check these policies before you submit any personal information to these websites.

Our Website contains blog posts, to which you can post replies.  Any personal information you choose to submit in a blog post may be read, collected, or used by others, and may be used to send you unsolicited messages. We are not responsible for the personal information you choose to submit in these forums.

Data retention
Nasuni retains your personal information for no longer than we need to do perform the activity for which the information was originally collected.  If you express an interest in our products and services, we will retain your information for up to a year after our last contact with you, unless you ask us to delete your information sooner, but if you become a customer we will maintain your account, and your personal information associated with the account, for as long as you are a customer and for the period of time thereafter as specified in our contract with you.  If we have a legitimate interest to retain your information for a longer period of time, such as if your information is the subject of an audit, legal dispute, or governmental order, then we will retain such information until no longer required to comply with our legal obligations. We may collect your IP address when browsing our Website, so that we know what content applies to you or whether we can export information to you, and we retain that information for up to the applicable statutes of limitation under the regulations applicable to the activity for which the IP address was collected.

After you have terminated your use of our services, we will store your information in an aggregated and anonymised format.

Your rights

  • You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing at any time by contacting us at
  • Data rights. In certain circumstances, you have the right to access and receive a copy of personal data we hold about you, to rectify any personal data held about you that is inaccurate, to request that we restrict the processing of your personal data and to request the deletion of personal data held about you. You also have the right to object to our processing of your data on the basis of legitimate interest and the right to data portability for some personal data – this means that you can obtain a copy of some of your data so that you can manage and move it. You can exercise your rights by contacting us at
  • In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with your data protection authority.

This Privacy Policy may be amended from time to time, consistent with applicable data protection and privacy laws and principles.  We will inform our customers of changes to this policy either through the customer support portal or by email or other means.

If you have any questions about this Privacy Policy, please send your inquiry to, or to the applicable Nasuni office identified on the footer of each page of our Website.

Section 2:  Where we are data processor
Our customers, usually your employer, engage Nasuni to provide services. As part of our contract with our customers, we provide remote access support. This means that we may have access to personal information where customers instruct us to provide support. Our customers are the data controller of this data and questions about their data handling processes should in the first instance be addressed to them. At all times, we act as a service provider to our customers, and process data on their behalf.

Nasuni Corporation Privacy Shield Policy

Effective:  February 22, 2018

The Nasuni Corporation (“Nasuni”) recognizes that the EU has established strict protections for the processing of personal data of its data subjects, including the requirement that any personal data transferred outside of the EU is processed with adequate protection. asuni has elected to self-certify to the EU-US Privacy Shield Framework (“Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from its customers in the EU (the “Privacy Shield Principles”).  To review our Privacy Shield certification, please click here. The full list of companies that have self-certified with the Privacy Shield is available at

All Nasuni employees who handle personal data from the EU are required to comply with this Policy. If there is a conflict between the terms of this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. The Federal Trade Commission (“FTC”) has jurisdiction over Nasuni’s compliance with the Privacy Shield, and Nasuni’s compliance with the Privacy Shield Principles is subject to the FTC’s investigatory and enforcement powers.

I. Types of Personal Data Processed
Nasuni provides cloud-scale enterprise file services to help its customers protect, access, and manage unstructured file data. In the course of providing its services, Nasuni processes personal data received from its customers. Such personal data may include the personal data of Nasuni’s customers’ employees or other representatives who interact with Nasuni on the customer’s behalf.  Such personal data may also include data which is incidentally accessed by Nasuni in the performance of technical and support services for its customers. Customers may provide such personal data when registering individuals as users of the Nasuni products and services, logging into their accounts, completing surveys, requesting information or otherwise communicating with Nasuni about their account. The personal data that Nasuni collects during these activities includes the contact information of its customers’ employees, agents or other representatives (including  name, work email address, work mailing address, work telephone number, title, and company name);  the login credentials of the individual users (such as email address and passwords);  billing information (such as name, email address, company, job title, and company account number and mailing address); and technical Information (such as IP addresses and browser type used by individuals accessing the services).

II. Purposes of Collection and Use
Nasuni processes personal data provided by its customers in fulfillment of its contractual obligations to them. To fulfill these obligations, we may access personal data to provide customers with access to the Nasuni products and services; to correct and address technical or service problems; to follow the customer’s instructions regarding the personal data (such as with respect to deletions or corrections); to facilitate ordering and billing on the customer’s account; to comply with our contractual, legal and regulatory obligations to our customers; to address legal claims and disputes, including with law enforcement bodies, government bodies and regulators; and to protect the intellectual property, confidential information and assets of Nasuni and its other customers.

III. Disclosure of Personal Data
Nasuni uses third-party service providers to assist us in providing our services to customers. Such third-party providers perform IT or technical support services; implementation or data migration services; data storage services; manufacturing, shipping or logistical services; or similar services on our behalf. These third parties may access, process, or store personal data in the course of providing these services. Nasuni may also disclose personal data to it business partners, such as its distributors; professional advisors, such as lawyers; government, law enforcement bodies and other public authorities as required by law (including under a lawful disclosure request, and to meet national security or law enforcement requirements); and potential acquirers or purchasers in relation to transfers of any of Nasuni’s business or assets. Nasuni also may disclose personal data for other purposes or to other third parties when a customer has consented to or requested such disclosure.

IV. Choice
Individuals have the right to opt out of Nasuni’s use of their personal data if Nasuni uses that personal data (i) for a purpose that is materially different from the original purpose for which it was collected; or (ii) if such personal data is passed to a third party who subsequently uses that personal data for its own purposes

V. Onward Transfer
When third parties process personal data to provide specific services on Nasuni’s behalf, Nasuni enters into contracts with those third parties where required by the Privacy Shield Principles. These contracts require third parties to provide the same level of protection that the Privacy Shield requires and limits third party use of the personal data. In some cases, Nasuni may remain liable for the acts of third parties that process personal data when they perform services on our behalf. If you would like to know more, contact us at

VI. Security
Nasuni uses reasonable efforts to maintain the accuracy and integrity of Personal Data and to update it as appropriate. Nasuni has implemented reasonable and appropriate physical and technical safeguards to protect personal data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction, taking into account the risks involved in the processing and the nature of the personal data.

VII. Data Access and Limitation
EU individuals have rights to access personal data about them, and to limit use and disclosure of their personal data. Nasuni commits to comply with the Privacy Shield Principles with respect to all personal data of customers that we receive from the EEA. Customers whose personal data is received by Nasuni from non-EEA jurisdictions do not have the rights set out in this Policy. Because Nasuni personnel have limited ability to access data our customers submit to our services, if you wish to request access, to limit use, or to limit disclosure, please provide the name of the Nasuni customer who submitted your data to our services. We will refer your request to that customer and will support them as needed in responding to your request.

VIII. Questions or Complaints
Customers may contact Nasuni with questions or complaints concerning Nasuni’s compliance with the Privacy Shield Principles by emailing us at We will respond to your complaint within 45 days. Nasuni has mechanisms in place for assuring compliance with this Policy, recourse for customers and individuals who are affected by non-compliance with the Privacy Shield Principles, and consequences when the Privacy Shield Principles are not followed. If you believe that Nasuni has not acknowledged a complaint in a timely manner, or that a complaint was not satisfactorily addressed by Nasuni, you may bring a complaint before the independent dispute resolution mechanism operated by JAMS at Finally, as a last resort and in limited situations, you may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.

IX. Changes
This document is managed by Nasuni’s Chief Information Security Officer (CISO), who oversees Nasuni’s compliance with the Privacy Shield. Any questions, concerns, or comments regarding this Policy also may be directed to

This Policy may be amended from time to time, consistent with the Privacy Shield Principles and applicable data protection and privacy laws and principles. We will inform our customers of changes to this policy either through the customer support portal or by email or other means.