Effective Date: October 12, 2018
Table of Contents
In subscribing to our services or filling in a contact form on our website (uploadcare.com) or other sites owned by Uploadcare, you agree and accept that we may gather, process, store and/or use the submitted personal data under the rules set forth below.
By giving your consent to us, you also retain the right to have your personal data rectified, to be forgotten and/or to be erased.
PERSONAL DATA COLLECTED
Identity and contact details
Personal data are collected on our website by Uploadcare Inc., a company registered under the laws of USA under number 82-1639831 with the Internal Revenue Service of United States of America, and having its registered office at 2711 Centerville Road, Suite 400 City of Wilmington, County of New Castle, 19808, USA.
Data Protection Authority Declarations
You retain the right to lodge any complaints on data protection with EU Data Protection Authorities for EU/EEA Data Subjects, and the Swiss Federal Data Protection and Information Commissioner for Swiss Data Subjects.
Data collected on the site
When you subscribe to our services, the following data are collected and managed: email, full name, company name, password, IP address.
By using our services, the following data are collected and managed: log-on data and browsing data where you authorize it, optional profile information, subscription status, information that you downloaded to your storage (see paragraph on third-party data below). Some data are collected automatically by reason of your activity on the site (see paragraph on cookies below).
Purposes of processing and legal basis
The principal purpose of collecting your personal data is to offer you a safe, optimum, efficient, and personalized experience. To this end, you agree and accept that we may use your personal data to:
- Provide our services and facilitate performance, including verifications relating to you.
- Resolve any problems to improve the use of our site and services.
- Personalize, assess, and improve our services, content and materials.
- Analyze the volume and history of your use of our services;
- Inform you about our services as well as our partners’ services and/or promotional offers;
- Prevent, detect, and investigate any activities that are potentially prohibited, unlawful or contrary to good practice, and ensure compliance with our Terms of Service.
- Comply with legal and regulatory obligations.
We use the personal data submitted to us only in accordance with the applicable data protection legislation. Our employees and third-party providers are under an obligation to respect data privacy.
Newsletter and marketing emails
For those of you that have expressly opted in to receive our Uploadcare newsletter, you are easily able to unsubscribe by following the “unsubscribe” links included in every email.
Without systematically doing so, we may analyze and track the email click rates (times you click on a link in an email) and open rates (the fact that you opened an email) to assess performance rates on our mailouts you receive.
Uploadcare publishes a list of Customers & Testimonials on its site with information on customer names and job titles. Uploadcare undertakes to obtain the authorization of every customer before publishing any testimonial on its website (uploadcare.com).
Third party disclosures
Personal data relating to you collected on our website are destined for Uploadcare’s own use and may be forwarded to Uploadcare’s partner companies so that we may obtain assistance and support in the context of carrying out our services. Uploadcare ensures that it has in place clear data protection requirements for all of its third-party providers.
Uploadcare does not sell or rent your personal data to third parties for marketing purposes whatsoever.
In addition, Uploadcare does not disclose your personal data to third parties, except if: (1) you (or your account administrator acting on your behalf) requests or authorizes disclosure thereof; (2) the disclosure is required to process transactions or supply services which you have requested (i.e. for the purposes of processing an acquisition card with credit-card issuing companies); (3) Uploadcare is compelled to do so by a government authority or a regulatory body, in the case of a court order, a summons to appear in court or any other similar requisition from a government or the judiciary, or to establish or defend a legal application; or, (4) the third party is a subcontractor of Uploadcare in the carrying out of services (for example: Uploadcare uses the services of an internet provider or a telecommunications company).
Your data protection rights
In accordance with the European General Data Protection Regulation 2016/679 (GDPR), you have a right of access, correction, and removal of your personal data which you may exercise by sending us a support ticket at email@example.com. Your requests will be processed within 30 days. We may require your request to be accompanied by a photocopy of proof of identity or authority.
You are also able at any time to modify personal data by logging into your account and clicking on “Account Settings.”
You can choose to decline acceptance of all cookies, but your ability to browse certain pages of the site may be reduced. The cookies used by Uploadcare are intended to enable or facilitate communication, to enable the services requested by users to be supplied, to recogniяe users when they re-visit the site, to secure payments which users may make, or other preferences necessary for the service requested to be supplied and to enable Uploadcare, internally, to carry out analyses on hit rates and browsing experience so as to improve content, to track email open rates, click rates, and bounce-back rates at individual levels.
By default, cookies are not installed automatically (except for those cookies needed to run the site and Uploadcare’s services, and you are informed of their installation by a clickable banner with a text description). In accordance with the regulations that apply, Uploadcare will require your authorization before implanting any other kind of cookie to your local storage. To avoid being bothered by these routine requests for authorization and to enjoy uninterrupted browsing, you can configure your device to accept Uploadcare cookies, or we can remember your refusal or acceptance of certain cookies. By default, browsers accept all cookies.
THIRD PARTY DATA
To provide our services, we capture and store some information about you and users uploading materials to Uploadcare:
- IP Addresses
- Request Headers
- Data submitted to our API
This data listed above are stored on secure servers. We don’t use data from uploaded files for anything, except for:
- Detecting MIME-types
- Converting or modifying media upon request from their Account owner
- Delivering files and their modified versions via our CDN upon request from Account owner.
You are easily able to recover your data from your Uploadcare account at any time, by using our REST API. You may also modify and or delete your data at any time from your account.
In no case does Uploadcare sell, share or rent out your stored data to third parties, nor does it use them for any purposes other than those outlined in this Policy.
Since you use Uploadcare services to get data from your users, you are considered the data controller within the meaning of the GDPR, and Uploadcare is acting as a data processor. In this capacity, you are responsible in particular for:
- Making all the declarations necessary to the relative data protection authority.
- Complying with all current regulations in force.
- Obtaining the explicit consent of the persons concerned when collecting their personal data.
- Ensuring your authority to use the personal data collected in accordance with the defined end purposes and refraining from any unauthorized use.
If you use Uploadcare and are acting as a data controller/data processor when handling EU citizens’ personal data, you want to make sure the whole data pipeline is GDPR compliant. Here you can find our updated Data Processing Agreement that should be signed (if applicable) to ensure GDPR compliance of data flows related to Uploadcare.
DATA RETENTION PERIODS
Uploadcare collects your personal data for the requirements of carrying out its contractual obligations as well as information about how and when you use our services, and we retain this data in active databases, log files or other types of files so long as you use our services, and in accordance with the current regulations in force.
Uploadcare in no way undertakes to store all your data indefinitely. You can access data so long as you hold an active account with us and for a period that varies depending on the type of data concerned and the subscribed plan, but, in no event no longer than 12 months after the closing of your account. The data may be deleted at any time during active use of your account in accordance with the provisions set forth above.
LOCATION OF DATA STORAGE AND TRANSFERS
Within the framework of its services, Uploadcare attributes the very highest importance to the security and integrity of its customers’ personal data.
Thus and in accordance with the GDPR, Uploadcare undertakes to take all pertinent precautions in order to preserve the security of the data and, in particular, to protect them against any accidental or unlawful destruction, accidental loss, corruption, unauthorized circulation or access, as well as against any other form of unlawful processing or disclosure to unauthorized persons.
To this end, Uploadcare implements industry standard security measures to protect personal data from unauthorized disclosure. In using industry recommended methods of encoding, Uploadcare takes the measures necessary to protect information connected with payments and credit cards.
Moreover, to avoid in particular all unauthorized access, to guarantee accuracy and the proper use of the data, Uploadcare has put the appropriate electronic, physical and managerial procedures in place to safeguarding and preserving the data gathered through its services.
Notwithstanding this, there is no absolute safety from piracy or hackers. That is why in the event a breach of security was to affect you, Uploadcare undertakes to inform you thereof without undue delay and to use its best efforts to take all possible measures to neutralize the intrusion and minimize the impacts. Should you suffer any loss by reason of the exploitation by a third party of a security breach, Uploadcare undertakes to provide you with every assistance necessary, so that you can assert your rights.
You should keep in mind that any user, customer or hacker who discovers and takes advantage of a breach in security renders him or herself liable to criminal prosecution and that Uploadcare will take all measures, including filing a complaint and/or bringing court action, to preserve the data and the rights of its users and of itself and to limit the impacts.
In compliance with the Privacy Shield Principles, Uploadcare commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Uploadcare at firstname.lastname@example.org or at our mailing address below:
Uploadcare, Inc 18801 Collins Ave 102-120, Sunny Isles Beach, FL 33160 USA
In the event we are unable to resolve your concern, you may contact ICDR-AAA, which provides an independent third-party dispute resolution body based in the United States, and they will investigate and assist you free of charge. A binding arbitration option may also be available to you in order to address residual complaints not resolved by any other means. Stripe is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).
(Your organization name) has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.
Uploadcare, Inc 18801 Collins Ave 102-120, Sunny Isles Beach, FL 33160 USA
For EU data subject you can send your requests to:
“Uploadcare”, CIC Rotterdam, Netherlands Groot Handelsgebouw Stationsplein 45, A4.004 3013AK Rotterdam
or to email: email@example.com