Uploadcare EU-U.S. and Swiss-U.S. Privacy Shield Notice

Effective: September 18, 2017

Uploadcare, Inc. (“We” or “Our”) has certified with the EU-U.S. and Swiss-U.S. Privacy Shield with respect to the personal data we receive and process on behalf of our customers through our file handling mechanisms (the “Services”). Uploadcare certifies that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement for personal data submitted by our customers in participating European countries through the Services, and our Privacy Shield certification will be available here.

Data Processed

We provide the Services so that our customers don’t have to build their own solutions for handling files (uploads, processing, storage, and delivery) for web and mobile apps. In providing these Services, we process data our customers submit to the Services or instruct us to process on their behalves in connection with the Services (“Customer Data”).

Purposes of Data Processing

In order to provide the Services, we capture and store some information about you, and the users uploading material to the service:

  1. IP Addresses
  2. Request Headers
  3. Data entered on our website
  4. Data submitted to our API

We don’t use data from uploaded files for anything, except for:

  1. Detecting its MIME-type
  2. Generating preview on request
  3. Converting or modifying the files on request from Account owner of that file

All data stored by us is only used for internal processing, and never sold or otherwise given away.

Third Parties With Whom We May Share Customer Data

We use a limited number of third party providers to assist us in providing the Services to our customers. As of the date hereof, these third party providers perform technical operations such as database monitoring, data storage and delivery, hosting services, and customer support software tools. These third parties may access, process or store personal data in the course of providing these services, but based on our instructions only.

If we receive personal data subject to our certification under the Privacy Shield and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if both (i) the agent processes the personal data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage. Questions or Complaints If you are a resident of a European country participating in the Privacy Shield and you believe we maintain your personal data within the scope of this Privacy Shield certification, you may direct any questions or complaints concerning our Privacy Shield compliance to privacyshield@uploadcare.com or at our mailing address:

Uploadcare, LLC
18401 Collins Ave, Ste. 100-241,
Sunny Isles Beach, FL 33160
USA

We will work with you to resolve your issue.

Dispute Resolution

If you are a resident of a European country participating in the Privacy Shield and you have not received timely response to your concern, or we have not addressed your concern to your satisfaction, you may seek further assistance, at no cost to you, from EU Data Protection Authorities for EU/EEA Data Subjects, and the Swiss Federal Data Protection and Information Commissioner for Swiss Data Subjects, which are an independent dispute resolution bodies.

Arbitration

You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of a European country participating in the Privacy Shield must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from EU Data Protection Authorities for EU/EEA Data Subjects, and the Swiss Federal Data Protection and Information Commissioner for Swiss Data Subjects; and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident.

U.S. Federal Trade Commission Enforcement

Our Privacy Shield compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Right of Access

Some international users (including those whose personal data is within the scope of this Privacy Shield certification) have certain legal rights to access certain personal data we hold about them and to obtain its correction, amendment or deletion. Those users may exercise those rights through the options described in their Dashboard and Account settings or by contacting us via privacyshield@uploadcare.com.

Requirement to Disclose

We may disclose personal data when we have a good faith belief that such action is necessary to: conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; or to enforce our contractual obligations.