Last revised and effective as of: June 5, 2018
The privacy of your data is important to SuiteFiles Limited (“Us”, “We” or “Our”). We are a New Zealand based business providing cloud-based document management solutions for small-to-medium sized business all around the world.
We will never sell your Personal Data to anyone.
“Client” means a customer of SuiteFiles.
“Client Data” means Personal Data, addresses, reports, files, folders or documents in electronic format that a User of the Service stores within the Service.
“Personal Data” means any information relating to a natural person that may be used to identify them such as their name, email, address, telephone number, payment information, support queries, comments on our website, and so on.
“Service” means the SuiteFiles applications and websites provided by SuiteFiles.
“User” means an employee, agent or representative of the Client who uses the applications of the Service.
“Visitor” means a person who is not a User who accesses Our website (www.suitefiles.com).
The Information We Collect
We collect different types of information when you visit our websites or use our Services. How we collect Personal Data can be broadly categorised into the following:
User provided information. This is information that is provided directly from a User or Visitor when they access parts of our websites or Services. It includes, but is not limited to, name, email address, phone number, physical and postal address, credit card or other billing information. Examples of when User provided information may be collected include signing up for a trial, applying for a job, responding to an email, participating in training or events we run, contacting us with questions, requesting support or connecting with us on social media. If you don’t want to provide us with Personal Data you don’t have to but it may mean you can’t use some parts of our websites or Services.
Automatically collected information. When a User or a Visitor accesses Our websites or Services, We may collect information automatically. This information may include IP address, web browser, device type, operating system, content being accessed, dates and times of access or use of the Service. We may also collect information about a Visitor’s or User’s interaction with email messages such as whether the email has been opened, clicked on or forwarded by the User or Visitor.
Other services. To use SuiteFiles a Client must have a Microsoft Office 365 account for their company. A User’s Office 365 credentials are used to authenticate and log into the Services. During this process we may collect Personal Data from the Office 365 account to provide the Service required.
Other sources. It’s possible that We will obtain information from third parties, including Personal Data. Third parties could include our reseller partners, trade show organisers or marketing and research partners. Any Personal Data provided by a third party will be treated as any other Personal Data in accordance with this Policy.
How We Use The Information We Collect
For any Personal Data that we collect, we’ll only process it:
- To perform a contract with you, or
- Where we have a legitimate interest to process the Personal Data and that is not overridden by your rights, or
- Where we have a legal obligation to do so, or
- Where we have your consent.
If we don’t collect your Personal Data we may be unable to provide you with all of our Services.
We use the information that we collect to operate our websites and provide you with Our Services that you have requested. We may also use your Personal Data other ways, including:
Operations. We use information, other than Client Data, to operate, maintain, enhance and provide all features of the Service. We do this to provide you with the services and information that you request, to provide support and respond to your comments and questions. We only access Client Data upon directions from the applicable Client or User.
Improvements. To provide the best possible service we use the information to analyse and understand how Users and Visitors use the Services so they can be improved, and new features, functionality, services or products can be developed.
Communications. We may use a User or Visitors email address or phone number to communication directly with them. Communications will be for, but not limited to, providing support, answering questions, informing Users and Visitors about updates to the Service, addressing issues of privacy, intellectual property violations or deformation and for providing information about promotions and up coming events. You may opt out of promotional communications as “Your Rights” below.
Tracking. We automatically collect information about the Service using cookies and other technology to better customise the Service for you. We use the information to monitor and analyse the Service performance, collect metrics about visits to our website and functionality being used and track the effectiveness of Service email notifications and marketing initiatives. Whenever you visit and interact with our Service, you accept that we automatically receive and record information on our server logs from your browser including your IP address, “cookie” information, and the page you requested. “Cookies” are identifiers we transfer to your computer or mobile device that allow us to recognize your browser or mobile device and tell us how and when pages and features in our Service are visited and by how many people. You may be able to change the preferences on your browser or mobile device to prevent or limit your computer or device’s acceptance of cookies, but this may prevent you from taking advantage of some of our features.
How We May Share Your Data
From time to time we may need to share your Personal Data with others. We will only disclose this information to:
Service Providers. We use tier one service providers to provide us with database and infrastructure hosting, maintenance, web and application services. They may access Client Data or Personal Data as part of their processes in supplying those services to us. We limit the information that we supply them to only that necessary to provide the services we require from them.
Our Partners. We employ partners around the world who provide reseller and support services to our Clients. Client Data and Personal Data may be provided to our partners to enable them to perform their services effectively. Only the minimum amount of information necessary for them to undertake their services is provided. Our agreements with our partners requires them to maintain the confidentiality of this information.
Law Enforcement and Regulators. We may be required to provide Personal Data to law enforcement and government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws and regulations. We reserve the right to disclose Personal Data or other information that we believe, in good faith, is appropriate or necessary to defend our legal rights.
Any Other Person. Only where we have your express consent.
You have the right to keep your Personal Data provided to use the Service private. You may decline to share certain Personal Data with us. In doing so we may not be able to provide some features or functionality of the Service to you.
You may object to the processing of any of your Personal Data at any time on legitimate grounds except if otherwise permitted by applicable law.
Opting Out. You may opt out from the collection of navigation information about your visits to our websites by Google Analytics using the Google Analytics opt out feature –https://support.google.com/analytics/answer/181881?hl=en
We follow generally accepted industry standards to protect Personal Data and Client Data both while being transmitted to us and once received. These standards are also used to protect such data against accidental or unlawful destruction, loss, alteration, disclosure, misuse or processing while in our possession.
No method of transmission or storage of data is 100% secure. We cannot warrant the security of any information you transmit to us or store in the Service and you do so at your own risk. We also cannot guarantee that such information will not be accessed, amended, destroyed or disclosed due to a breach of our technical and physical safeguards. If you believe that your data has been breached, please contact us as described in the “Contact Us” section of this policy.
If we learn of a security breach we will inform you and the relevant authorities of this in accordance with applicable law.
We retain Personal Data collected for as long as we have a relationship with you and for a period of time afterwards where we have a need to retain it as per our data retention policies. Once we have finished with the Personal Data we either delete or anonymise it.
The length of time that we retain Personal Data depends on what that data is and whether we have a need to keep it in order, for example, to continue to provide you with a service you’ve requested or to comply with any accounting, tax or legal requirements.
Information Processing And Transfers For Data Subjects In The European Economic Area (“EEA”)
European Union Regulation 2016/679 of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“EU GDPR”), requires Us to provide additional and different information about its data processing practices to data subjects in the European Economic Area (“EEA”). If you are located in a member state of the EEA and access our Service, or otherwise provide us with your personal data in-person, or via phone, email or mail, this policy applies to you.
As an individual in the EEA, we collect and process information about you where we have legal bases for doing so under EU laws. We only collect and use the information when:
- A. We need it to provide you the Services, including operating the Services, provide customer support and personalize features as well as for safety and security processes;
- B. It serves a legitimate interest (which is not overridden by your data protection interests), such as for research and development, for marketing and promotion and to protect our legal rights and interests;
- C. You have given us consent to do so for a specific purpose; and
- D. We need the information to comply with legal obligations.
- E. If you have given consent to our use of your information for a specific purpose, you can change your mind at any time, but this will not affect any processing that has already taken place. You have the right to object to the use of your information, but this may mean that the Service might no longer be available to you.
As a user of the Service, you must have a Microsoft Office 365 account as this governs your access rights; as such, your data will be held in the location that you have associated to your Microsoft Office 365 logon, and We do not control that, or have any ability to change it. Microsoft provide specific guarantees and support to the GDPR legislation here: https://servicetrust.microsoft.com./
In some circumstances, We may be asked to process personal data that requires for a data transfer to processors outside the EEA, such as for backup, search, or other processing activities. In such cases, the data will remain within the Microsoft technical ecosystem (Microsoft Azure), and the same protections apply; further information concerning these protections can be found here: https://servicetrust.microsoft.com/ViewPage/GDPRGetStarted. This data transfer is only for the purpose of providing the Service to you, and for the specific purpose you have agreed to, and at your request.
Contact Us Should you have any questions or comments about this policy, your Personal Data that we store and how we use it please contact us on firstname.lastname@example.org.