Last Updated: February 22, 2018
The Nasuni website at www.nasuni.com (including other sites under the www.nasuni.com domain that link to this Policy) (the “Website”) is provided by the Nasuni Corporation (“Nasuni”, “we”, “our” or “us”). We are a corporation established in the state of Delaware in the United States of America with a registered office and primary business location at One Marina Park Drive, Boston, Massachusetts 02210, USA. Our representative in the EU is Nasuni UK Ltd (Reg. No. 09761095) with a registered office at 2 Minton Place, Victoria Road, Bicester, Oxfordshire, OX26 6QB, UK and a primary business location at Office 02B106, 2 Eastbourne Terrace, 2nd Floor, London, W2 6LG, UK.
Our Website adheres to the US-EU Privacy Shield Framework set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union (EU) to the U.S. You can view our “Privacy Shield Policy” at www.nasuni.com/legal/privacy/#privacy_shield.To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
The following policy sets out how we deal with your personal data. For the purpose of EU data protection laws, we are the data controller of the data set out in this Section 1, and we are data processor of data from our customers as set out in Section 2 below. Please read the following carefully to understand our practices regarding your personal information and how we will treat it.
Section 1: Where we are data controller
The types of personal information we use
We collect and use the following information about you:
Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie consists of a text file sent by a web server to a web browser, which will be stored by the browser and will remain valid until its set expiry date (unless deleted by the user before the expiry date). A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
We use the following Cookies:
You can find more information about Cookies and how to manage them at http://www.allaboutcookies.org or www.youronlinechoices.org. If for any reason you wish to not take advantage of Cookies, you may disable Cookies by changing the settings on your browser or by not accepting Cookies when you access the Website.
How we use your personal information
We will use the information in the following ways:
How we share your personal information
We share your personal information with the following selected third parties:
For more information about third parties with whom we elect to share personal information, please click here.
We may share your personal information with law enforcement agencies, public authorities or other organisations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
We may also disclose your information to third parties:
Where we store your personal information
The information that we collect from you is stored on servers in various locations, primarily in the U.S. We may transfer personal information about you outside the country in which you are located to such locations, including the UK and EU, where we have business operations. Your personal data is also processed by employees or agents operating outside the EEA who work for us or for one of our suppliers or business partners. Such employees or agents are engaged in, among other things, the hosting of our Website, the storage of information about our Website users and their Website activities, the fulfilment of your orders, the provision of information to you that you may request from us, and the provision of support services. Recipients outside the EU or U.S. to whom we transfer the personal information of UK or EU residents for storing or processing must comply with the standard contractual clauses for the transfer and processing of personal data as set out in European Commission Decision 2004/915/EC or another mechanism permitted by the applicable EU data protection laws for transfers and processing. By submitting your personal data, you agree to this transfer, storing or processing.
To enable transfer of personal data to the US from the EEA, Nasuni complies with the US Department of Commerce’s EU-US Privacy Shield and has certified that we adhere to the EU-US Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. For more information about the EU-US Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield website.
The security of your personal information
Nasuni has implemented industry-standard measures to protect the security of the personal information we collect via the Website. For example, we use (SSL – Secure Socket Layers), cloud-based firewalls and a digital certificate to protect your personal information. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. No one can guarantee, and we do not guarantee, that your personal information is completely secure at all times. You are also responsible for maintaining the confidentiality of your personal information to protect it against unauthorized access or use.
Our Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
Our Website contains blog posts, to which you can post replies. Any personal information you choose to submit in a blog post may be read, collected, or used by others, and may be used to send you unsolicited messages. We are not responsible for the personal information you choose to submit in these forums.
Nasuni retains your personal information for no longer than we need to do perform the activity for which the information was originally collected. If you express an interest in our products and services, we will retain your information for up to a year after our last contact with you, unless you ask us to delete your information sooner, but if you become a customer we will maintain your account, and your personal information associated with the account, for as long as you are a customer and for the period of time thereafter as specified in our contract with you. If we have a legitimate interest to retain your information for a longer period of time, such as if your information is the subject of an audit, legal dispute, or governmental order, then we will retain such information until no longer required to comply with our legal obligations. We may collect your IP address when browsing our Website, so that we know what content applies to you or whether we can export information to you, and we retain that information for up to the applicable statutes of limitation under the regulations applicable to the activity for which the IP address was collected.
After you have terminated your use of our services, we will store your information in an aggregated and anonymised format.
Section 2: Where we are data processor
Our customers, usually your employer, engage Nasuni to provide services. As part of our contract with our customers, we provide remote access support. This means that we may have access to personal information where customers instruct us to provide support. Our customers are the data controller of this data and questions about their data handling processes should in the first instance be addressed to them. At all times, we act as a service provider to our customers, and process data on their behalf.
Effective: February 22, 2018
The Nasuni Corporation (“Nasuni”) recognizes that the EU has established strict protections for the processing of personal data of its data subjects, including the requirement that any personal data transferred outside of the EU is processed with adequate protection. asuni has elected to self-certify to the EU-US Privacy Shield Framework (“Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from its customers in the EU (the “Privacy Shield Principles”). To review our Privacy Shield certification, please click here. The full list of companies that have self-certified with the Privacy Shield is available at http://www.privacyshield.gov/list.
All Nasuni employees who handle personal data from the EU are required to comply with this Policy. If there is a conflict between the terms of this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. The Federal Trade Commission (“FTC”) has jurisdiction over Nasuni’s compliance with the Privacy Shield, and Nasuni’s compliance with the Privacy Shield Principles is subject to the FTC’s investigatory and enforcement powers.
I. Types of Personal Data Processed
Nasuni provides cloud-scale enterprise file services to help its customers protect, access, and manage unstructured file data. In the course of providing its services, Nasuni processes personal data received from its customers. Such personal data may include the personal data of Nasuni’s customers’ employees or other representatives who interact with Nasuni on the customer’s behalf. Such personal data may also include data which is incidentally accessed by Nasuni in the performance of technical and support services for its customers. Customers may provide such personal data when registering individuals as users of the Nasuni products and services, logging into their accounts, completing surveys, requesting information or otherwise communicating with Nasuni about their account. The personal data that Nasuni collects during these activities includes the contact information of its customers’ employees, agents or other representatives (including name, work email address, work mailing address, work telephone number, title, and company name); the login credentials of the individual users (such as email address and passwords); billing information (such as name, email address, company, job title, and company account number and mailing address); and technical Information (such as IP addresses and browser type used by individuals accessing the services).
II. Purposes of Collection and Use
Nasuni processes personal data provided by its customers in fulfillment of its contractual obligations to them. To fulfill these obligations, we may access personal data to provide customers with access to the Nasuni products and services; to correct and address technical or service problems; to follow the customer’s instructions regarding the personal data (such as with respect to deletions or corrections); to facilitate ordering and billing on the customer’s account; to comply with our contractual, legal and regulatory obligations to our customers; to address legal claims and disputes, including with law enforcement bodies, government bodies and regulators; and to protect the intellectual property, confidential information and assets of Nasuni and its other customers.
III. Disclosure of Personal Data
Nasuni uses third-party service providers to assist us in providing our services to customers. Such third-party providers perform IT or technical support services; implementation or data migration services; data storage services; manufacturing, shipping or logistical services; or similar services on our behalf. These third parties may access, process, or store personal data in the course of providing these services. Nasuni may also disclose personal data to it business partners, such as its distributors; professional advisors, such as lawyers; government, law enforcement bodies and other public authorities as required by law (including under a lawful disclosure request, and to meet national security or law enforcement requirements); and potential acquirers or purchasers in relation to transfers of any of Nasuni’s business or assets. Nasuni also may disclose personal data for other purposes or to other third parties when a customer has consented to or requested such disclosure.
Individuals have the right to opt out of Nasuni’s use of their personal data if Nasuni uses that personal data (i) for a purpose that is materially different from the original purpose for which it was collected; or (ii) if such personal data is passed to a third party who subsequently uses that personal data for its own purposes
V. Onward Transfer
When third parties process personal data to provide specific services on Nasuni’s behalf, Nasuni enters into contracts with those third parties where required by the Privacy Shield Principles. These contracts require third parties to provide the same level of protection that the Privacy Shield requires and limits third party use of the personal data. In some cases, Nasuni may remain liable for the acts of third parties that process personal data when they perform services on our behalf. If you would like to know more, contact us at firstname.lastname@example.org.
Nasuni uses reasonable efforts to maintain the accuracy and integrity of Personal Data and to update it as appropriate. Nasuni has implemented reasonable and appropriate physical and technical safeguards to protect personal data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction, taking into account the risks involved in the processing and the nature of the personal data.
VII. Data Access and Limitation
EU individuals have rights to access personal data about them, and to limit use and disclosure of their personal data. Nasuni commits to comply with the Privacy Shield Principles with respect to all personal data of customers that we receive from the EEA. Customers whose personal data is received by Nasuni from non-EEA jurisdictions do not have the rights set out in this Policy. Because Nasuni personnel have limited ability to access data our customers submit to our services, if you wish to request access, to limit use, or to limit disclosure, please provide the name of the Nasuni customer who submitted your data to our services. We will refer your request to that customer and will support them as needed in responding to your request.
VIII. Questions or Complaints
Customers may contact Nasuni with questions or complaints concerning Nasuni’s compliance with the Privacy Shield Principles by emailing us at email@example.com. We will respond to your complaint within 45 days. Nasuni has mechanisms in place for assuring compliance with this Policy, recourse for customers and individuals who are affected by non-compliance with the Privacy Shield Principles, and consequences when the Privacy Shield Principles are not followed. If you believe that Nasuni has not acknowledged a complaint in a timely manner, or that a complaint was not satisfactorily addressed by Nasuni, you may bring a complaint before the independent dispute resolution mechanism operated by JAMS at https://www.jamsadr.com/eu-us-privacy-shield. Finally, as a last resort and in limited situations, you may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
This document is managed by Nasuni’s Chief Information Security Officer (CISO), who oversees Nasuni’s compliance with the Privacy Shield. Any questions, concerns, or comments regarding this Policy also may be directed to firstname.lastname@example.org.
This Policy may be amended from time to time, consistent with the Privacy Shield Principles and applicable data protection and privacy laws and principles. We will inform our customers of changes to this policy either through the customer support portal or by email or other means.