Privacy Policy (May 25, 2018)
Note: The previous version of our Privacy Policy can be found here.
Effective Date: May 25, 2018
This Privacy Policy describes how we manage, process and store personal data submitted in the context of providing our services. “Personal data” refers to any information relating to an identifiable individual or their personal identity.
Table of Contents
- Consent
- Personal data collected
- Third party data
- Data retention periods
- Location of data storage and transfers
- Security
- Privacy policy changes
Consent
In subscribing to our services or filling in a contact form on our website (uploadcare.com) or other sites owned by Uploadcare, you agree and accept that we may gather, process, store and/or use the submitted personal data under the rules set forth below.
By giving your consent to us, you also retain the right to have your personal data rectified, to be forgotten and/or to be erased.
Personal data collected
Identity and contact details
Personal data are collected on our website by Uploadcare Inc., a company registered under the laws of USA under number 82-1639831 with the Internal Revenue Service of United States of America, and having its registered office at 2711 Centerville Road, Suite 400 City of Wilmington, County of New Castle, 19808, USA.
Data Protection Authority Declarations
You retain the right to lodge any complaints on data protection with EU Data Protection Authorities for EU/EEA Data Subjects, and the Swiss Federal Data Protection and Information Commissioner for Swiss Data Subjects.
Data collected on the site
When you subscribe to our services, the following data are collected and managed: email, full name, company name, password, IP address.
By using our services, the following data are collected and managed: log-on data and browsing data where you authorize it, optional profile information, subscription status, information that you downloaded to your storage (see paragraph on third-party data below). Some data are collected automatically by reason of your activity on the site (see paragraph on cookies below).
Purposes of processing and legal basis
The principal purpose of collecting your personal data is to offer you a safe, optimum, efficient, and personalized experience. To this end, you agree and accept that we may use your personal data to:
- Provide our services and facilitate performance, including verifications relating to you.
- Resolve any problems to improve the use of our site and services.
- Personalize, assess, and improve our services, content and materials.
- Analyze the volume and history of your use of our services;
- Inform you about our services as well as our partners’ services and/or promotional offers;
- Prevent, detect, and investigate any activities that are potentially prohibited, unlawful or contrary to good practice, and ensure compliance with our Terms of Service.
- Comply with legal and regulatory obligations.
We use the personal data submitted to us only in accordance with the applicable data protection legislation. Our employees and third-party providers are under an obligation to respect data privacy.
Newsletter and marketing emails
For those of you that have expressly opted in to receive our Uploadcare newsletter, you are easily able to unsubscribe by following the “unsubscribe” links included in every email.
Without systematically doing so, we may analyze and track the email click rates (times you click on a link in an email) and open rates (the fact that you opened an email) to assess performance rates on our mailouts you receive.
Testimonials
Uploadcare publishes a list of Customers & Testimonials on its site with information on customer names and job titles. Uploadcare undertakes to obtain the authorization of every customer before publishing any testimonial on its website (uploadcare.com).
Third party disclosures
Personal data relating to you collected on our website are destined for Uploadcare’s own use and may be forwarded to Uploadcare’s partner companies so that we may obtain assistance and support in the context of carrying out our services. Uploadcare ensures that it has in place clear data protection requirements for all of its third-party providers.
Uploadcare does not sell or rent your personal data to third parties for marketing purposes whatsoever.
In addition, Uploadcare does not disclose your personal data to third parties, except if: (1) you (or your account administrator acting on your behalf) requests or authorizes disclosure thereof; (2) the disclosure is required to process transactions or supply services which you have requested (i.e. for the purposes of processing an acquisition card with credit-card issuing companies); (3) Uploadcare is compelled to do so by a government authority or a regulatory body, in the case of a court order, a summons to appear in court or any other similar requisition from a government or the judiciary, or to establish or defend a legal application; or, (4) the third party is a subcontractor of Uploadcare in the carrying out of services (for example: Uploadcare uses the services of an internet provider or a telecommunications company).
Your data protection rights
In accordance with the European General Data Protection Regulation 2016/679 (GDPR), you have a right of access, correction, and removal of your personal data which you may exercise by sending us a support ticket at help@uploadcare.com. Your requests will be processed within 30 days. We may require your request to be accompanied by a photocopy of proof of identity or authority.
You are also able at any time to modify personal data by logging into your account and clicking on “Account Settings.”
Cookies/Tracking
As a general rule, Uploadcare uses cookies to improve and personalize its website and/or measure its audience. Cookies are files saved to your local storage when browsing on the internet and in particular on our site. A cookie is not used to gather your personal data without your knowledge but instead to record information on site browsing which can be read directly by Uploadcare on your subsequent visits.
You can choose to decline acceptance of all cookies, but your ability to browse certain pages of the site may be reduced. The cookies used by Uploadcare are intended to enable or facilitate communication, to enable the services requested by users to be supplied, to recogniяe users when they re-visit the site, to secure payments which users may make, or other preferences necessary for the service requested to be supplied and to enable Uploadcare, internally, to carry out analyses on hit rates and browsing experience so as to improve content, to track email open rates, click rates, and bounce-back rates at individual levels.
By default, cookies are not installed automatically (except for those cookies needed to run the site and Uploadcare’s services, and you are informed of their installation by a clickable banner with a text description). In accordance with the regulations that apply, Uploadcare will require your authorization before implanting any other kind of cookie to your local storage. To avoid being bothered by these routine requests for authorization and to enjoy uninterrupted browsing, you can configure your device to accept Uploadcare cookies, or we can remember your refusal or acceptance of certain cookies. By default, browsers accept all cookies.
When you access third party sites on our website, or when you are reading integration or social media links, cookies can be created by the companies disseminating these links. These third parties may be able to use cookies in the context of Uploadcare’s services (partners or other third parties supplying content or services available on the Uploadcare site) and are responsible for the cookies they install, and it is their conditions on cookies which apply. Uploadcare assumes no liability regarding the possible use of cookies by third parties. For more information, you are advised to check the cookie policy directly on these third-party sites concerning their use of cookies.
Third party data
To provide our services, we capture and store some information about you and users uploading materials to Uploadcare:
- IP Addresses
- Request Headers
- Data submitted to our API
This data listed above are stored on secure servers. We don’t use data from uploaded files for anything, except for:
- Detecting MIME-types
- Converting or modifying media upon request from their Account owner
- Delivering files and their modified versions via our CDN upon request from Account owner.
You are easily able to recover your data from your Uploadcare account at any time, by using our REST API. You may also modify and or delete your data at any time from your account.
In no case does Uploadcare sell, share or rent out your stored data to third parties, nor does it use them for any purposes other than those outlined in this Policy.
Since you use Uploadcare services to get data from your users, you are considered the data controller within the meaning of the GDPR, and Uploadcare is acting as a data processor. In this capacity, you are responsible in particular for:
- Making all the declarations necessary to the relative data protection authority.
- Complying with all current regulations in force.
- Obtaining the explicit consent of the persons concerned when collecting their personal data.
- Ensuring your authority to use the personal data collected in accordance with the defined end purposes and refraining from any unauthorized use.
If you use Uploadcare and are acting as a data controller/data processor when handling EU citizens’ personal data, you want to make sure the whole data pipeline is GDPR compliant. Here you can find our updated Data Processing Agreement that should be signed (if applicable) to ensure GDPR compliance of data flows related to Uploadcare.
Data retention periods
Uploadcare collects your personal data for the requirements of carrying out its contractual obligations as well as information about how and when you use our services, and we retain this data in active databases, log files or other types of files so long as you use our services, and in accordance with the current regulations in force.
Uploadcare in no way undertakes to store all your data indefinitely. You can access data so long as you hold an active account with us and for a period that varies depending on the type of data concerned and the subscribed plan, but, in no event no longer than 12 months after the closing of your account. The data may be deleted at any time during active use of your account in accordance with the provisions set forth above.
Location of data storage and transfers
Uploadcare complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Uploadcare has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms of this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit privacyshield.gov. For more information, see our Privacy Shield Notice.
Security
Within the framework of its services, Uploadcare attributes the very highest importance to the security and integrity of its customers’ personal data.
Thus and in accordance with the GDPR, Uploadcare undertakes to take all pertinent precautions in order to preserve the security of the data and, in particular, to protect them against any accidental or unlawful destruction, accidental loss, corruption, unauthorized circulation or access, as well as against any other form of unlawful processing or disclosure to unauthorized persons.
To this end, Uploadcare implements industry standard security measures to protect personal data from unauthorized disclosure. In using industry recommended methods of encoding, Uploadcare takes the measures necessary to protect information connected with payments and credit cards.
Moreover, to avoid in particular all unauthorized access, to guarantee accuracy and the proper use of the data, Uploadcare has put the appropriate electronic, physical and managerial procedures in place to safeguarding and preserving the data gathered through its services.
Notwithstanding this, there is no absolute safety from piracy or hackers. That is why in the event a breach of security was to affect you, Uploadcare undertakes to inform you thereof without undue delay and to use its best efforts to take all possible measures to neutralize the intrusion and minimize the impacts. Should you suffer any loss by reason of the exploitation by a third party of a security breach, Uploadcare undertakes to provide you with every assistance necessary, so that you can assert your rights.
You should keep in mind that any user, customer or hacker who discovers and takes advantage of a breach in security renders him or herself liable to criminal prosecution and that Uploadcare will take all measures, including filing a complaint and/or bringing court action, to preserve the data and the rights of its users and of itself and to limit the impacts.
Privacy policy changes
Uploadcare reserves the right to update this Privacy Policy at any time, in particular pursuant to any changes made to the laws and regulations in force. Any modifications made will be notified to you via our website or by email, to the extent possible, fourteen (14) days at least before any changes come into force.
Please feel free to contact us if you have any questions about Uploadcare's Privacy Policy or practices. You may contact our Data Protection Officer at privacyshield@uploadcare.com or at our mailing address below:
Uploadcare, Inc
18801 Collins Ave 102-120
Sunny Isles Beach, FL
33160
USA
For EU data subject you can send your requests to:
“Uploadcare”, CIC Rotterdam, Netherlands
Groot Handelsgebouw
Stationsplein 45, A4.004
3013AK Rotterdam
or to email: gdpr@uploadcare.com